]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - drivers/staging/skein/threefish_block.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branches 'pm-cpufreq', 'pm-cpuidle' and 'acpi-cppc'
[mirror_ubuntu-bionic-kernel.git] / drivers / staging / skein / threefish_block.c
1 #include <linux/bitops.h>
2 #include "threefish_api.h"
3
4 void threefish_encrypt_256(struct threefish_key *key_ctx, u64 *input,
5 u64 *output)
6 {
7 u64 b0 = input[0], b1 = input[1],
8 b2 = input[2], b3 = input[3];
9 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
10 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
11 k4 = key_ctx->key[4];
12 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
13 t2 = key_ctx->tweak[2];
14
15 b1 += k1 + t0;
16 b0 += b1 + k0;
17 b1 = rol64(b1, 14) ^ b0;
18
19 b3 += k3;
20 b2 += b3 + k2 + t1;
21 b3 = rol64(b3, 16) ^ b2;
22
23 b0 += b3;
24 b3 = rol64(b3, 52) ^ b0;
25
26 b2 += b1;
27 b1 = rol64(b1, 57) ^ b2;
28
29 b0 += b1;
30 b1 = rol64(b1, 23) ^ b0;
31
32 b2 += b3;
33 b3 = rol64(b3, 40) ^ b2;
34
35 b0 += b3;
36 b3 = rol64(b3, 5) ^ b0;
37
38 b2 += b1;
39 b1 = rol64(b1, 37) ^ b2;
40
41 b1 += k2 + t1;
42 b0 += b1 + k1;
43 b1 = rol64(b1, 25) ^ b0;
44
45 b3 += k4 + 1;
46 b2 += b3 + k3 + t2;
47 b3 = rol64(b3, 33) ^ b2;
48
49 b0 += b3;
50 b3 = rol64(b3, 46) ^ b0;
51
52 b2 += b1;
53 b1 = rol64(b1, 12) ^ b2;
54
55 b0 += b1;
56 b1 = rol64(b1, 58) ^ b0;
57
58 b2 += b3;
59 b3 = rol64(b3, 22) ^ b2;
60
61 b0 += b3;
62 b3 = rol64(b3, 32) ^ b0;
63
64 b2 += b1;
65 b1 = rol64(b1, 32) ^ b2;
66
67
68 b1 += k3 + t2;
69 b0 += b1 + k2;
70 b1 = rol64(b1, 14) ^ b0;
71
72 b3 += k0 + 2;
73 b2 += b3 + k4 + t0;
74 b3 = rol64(b3, 16) ^ b2;
75
76 b0 += b3;
77 b3 = rol64(b3, 52) ^ b0;
78
79 b2 += b1;
80 b1 = rol64(b1, 57) ^ b2;
81
82 b0 += b1;
83 b1 = rol64(b1, 23) ^ b0;
84
85 b2 += b3;
86 b3 = rol64(b3, 40) ^ b2;
87
88 b0 += b3;
89 b3 = rol64(b3, 5) ^ b0;
90
91 b2 += b1;
92 b1 = rol64(b1, 37) ^ b2;
93
94 b1 += k4 + t0;
95 b0 += b1 + k3;
96 b1 = rol64(b1, 25) ^ b0;
97
98 b3 += k1 + 3;
99 b2 += b3 + k0 + t1;
100 b3 = rol64(b3, 33) ^ b2;
101
102 b0 += b3;
103 b3 = rol64(b3, 46) ^ b0;
104
105 b2 += b1;
106 b1 = rol64(b1, 12) ^ b2;
107
108 b0 += b1;
109 b1 = rol64(b1, 58) ^ b0;
110
111 b2 += b3;
112 b3 = rol64(b3, 22) ^ b2;
113
114 b0 += b3;
115 b3 = rol64(b3, 32) ^ b0;
116
117 b2 += b1;
118 b1 = rol64(b1, 32) ^ b2;
119
120
121 b1 += k0 + t1;
122 b0 += b1 + k4;
123 b1 = rol64(b1, 14) ^ b0;
124
125 b3 += k2 + 4;
126 b2 += b3 + k1 + t2;
127 b3 = rol64(b3, 16) ^ b2;
128
129 b0 += b3;
130 b3 = rol64(b3, 52) ^ b0;
131
132 b2 += b1;
133 b1 = rol64(b1, 57) ^ b2;
134
135 b0 += b1;
136 b1 = rol64(b1, 23) ^ b0;
137
138 b2 += b3;
139 b3 = rol64(b3, 40) ^ b2;
140
141 b0 += b3;
142 b3 = rol64(b3, 5) ^ b0;
143
144 b2 += b1;
145 b1 = rol64(b1, 37) ^ b2;
146
147 b1 += k1 + t2;
148 b0 += b1 + k0;
149 b1 = rol64(b1, 25) ^ b0;
150
151 b3 += k3 + 5;
152 b2 += b3 + k2 + t0;
153 b3 = rol64(b3, 33) ^ b2;
154
155 b0 += b3;
156 b3 = rol64(b3, 46) ^ b0;
157
158 b2 += b1;
159 b1 = rol64(b1, 12) ^ b2;
160
161 b0 += b1;
162 b1 = rol64(b1, 58) ^ b0;
163
164 b2 += b3;
165 b3 = rol64(b3, 22) ^ b2;
166
167 b0 += b3;
168 b3 = rol64(b3, 32) ^ b0;
169
170 b2 += b1;
171 b1 = rol64(b1, 32) ^ b2;
172
173
174 b1 += k2 + t0;
175 b0 += b1 + k1;
176 b1 = rol64(b1, 14) ^ b0;
177
178 b3 += k4 + 6;
179 b2 += b3 + k3 + t1;
180 b3 = rol64(b3, 16) ^ b2;
181
182 b0 += b3;
183 b3 = rol64(b3, 52) ^ b0;
184
185 b2 += b1;
186 b1 = rol64(b1, 57) ^ b2;
187
188 b0 += b1;
189 b1 = rol64(b1, 23) ^ b0;
190
191 b2 += b3;
192 b3 = rol64(b3, 40) ^ b2;
193
194 b0 += b3;
195 b3 = rol64(b3, 5) ^ b0;
196
197 b2 += b1;
198 b1 = rol64(b1, 37) ^ b2;
199
200 b1 += k3 + t1;
201 b0 += b1 + k2;
202 b1 = rol64(b1, 25) ^ b0;
203
204 b3 += k0 + 7;
205 b2 += b3 + k4 + t2;
206 b3 = rol64(b3, 33) ^ b2;
207
208 b0 += b3;
209 b3 = rol64(b3, 46) ^ b0;
210
211 b2 += b1;
212 b1 = rol64(b1, 12) ^ b2;
213
214 b0 += b1;
215 b1 = rol64(b1, 58) ^ b0;
216
217 b2 += b3;
218 b3 = rol64(b3, 22) ^ b2;
219
220 b0 += b3;
221 b3 = rol64(b3, 32) ^ b0;
222
223 b2 += b1;
224 b1 = rol64(b1, 32) ^ b2;
225
226
227 b1 += k4 + t2;
228 b0 += b1 + k3;
229 b1 = rol64(b1, 14) ^ b0;
230
231 b3 += k1 + 8;
232 b2 += b3 + k0 + t0;
233 b3 = rol64(b3, 16) ^ b2;
234
235 b0 += b3;
236 b3 = rol64(b3, 52) ^ b0;
237
238 b2 += b1;
239 b1 = rol64(b1, 57) ^ b2;
240
241 b0 += b1;
242 b1 = rol64(b1, 23) ^ b0;
243
244 b2 += b3;
245 b3 = rol64(b3, 40) ^ b2;
246
247 b0 += b3;
248 b3 = rol64(b3, 5) ^ b0;
249
250 b2 += b1;
251 b1 = rol64(b1, 37) ^ b2;
252
253 b1 += k0 + t0;
254 b0 += b1 + k4;
255 b1 = rol64(b1, 25) ^ b0;
256
257 b3 += k2 + 9;
258 b2 += b3 + k1 + t1;
259 b3 = rol64(b3, 33) ^ b2;
260
261 b0 += b3;
262 b3 = rol64(b3, 46) ^ b0;
263
264 b2 += b1;
265 b1 = rol64(b1, 12) ^ b2;
266
267 b0 += b1;
268 b1 = rol64(b1, 58) ^ b0;
269
270 b2 += b3;
271 b3 = rol64(b3, 22) ^ b2;
272
273 b0 += b3;
274 b3 = rol64(b3, 32) ^ b0;
275
276 b2 += b1;
277 b1 = rol64(b1, 32) ^ b2;
278
279
280 b1 += k1 + t1;
281 b0 += b1 + k0;
282 b1 = rol64(b1, 14) ^ b0;
283
284 b3 += k3 + 10;
285 b2 += b3 + k2 + t2;
286 b3 = rol64(b3, 16) ^ b2;
287
288 b0 += b3;
289 b3 = rol64(b3, 52) ^ b0;
290
291 b2 += b1;
292 b1 = rol64(b1, 57) ^ b2;
293
294 b0 += b1;
295 b1 = rol64(b1, 23) ^ b0;
296
297 b2 += b3;
298 b3 = rol64(b3, 40) ^ b2;
299
300 b0 += b3;
301 b3 = rol64(b3, 5) ^ b0;
302
303 b2 += b1;
304 b1 = rol64(b1, 37) ^ b2;
305
306 b1 += k2 + t2;
307 b0 += b1 + k1;
308 b1 = rol64(b1, 25) ^ b0;
309
310 b3 += k4 + 11;
311 b2 += b3 + k3 + t0;
312 b3 = rol64(b3, 33) ^ b2;
313
314 b0 += b3;
315 b3 = rol64(b3, 46) ^ b0;
316
317 b2 += b1;
318 b1 = rol64(b1, 12) ^ b2;
319
320 b0 += b1;
321 b1 = rol64(b1, 58) ^ b0;
322
323 b2 += b3;
324 b3 = rol64(b3, 22) ^ b2;
325
326 b0 += b3;
327 b3 = rol64(b3, 32) ^ b0;
328
329 b2 += b1;
330 b1 = rol64(b1, 32) ^ b2;
331
332
333 b1 += k3 + t0;
334 b0 += b1 + k2;
335 b1 = rol64(b1, 14) ^ b0;
336
337 b3 += k0 + 12;
338 b2 += b3 + k4 + t1;
339 b3 = rol64(b3, 16) ^ b2;
340
341 b0 += b3;
342 b3 = rol64(b3, 52) ^ b0;
343
344 b2 += b1;
345 b1 = rol64(b1, 57) ^ b2;
346
347 b0 += b1;
348 b1 = rol64(b1, 23) ^ b0;
349
350 b2 += b3;
351 b3 = rol64(b3, 40) ^ b2;
352
353 b0 += b3;
354 b3 = rol64(b3, 5) ^ b0;
355
356 b2 += b1;
357 b1 = rol64(b1, 37) ^ b2;
358
359 b1 += k4 + t1;
360 b0 += b1 + k3;
361 b1 = rol64(b1, 25) ^ b0;
362
363 b3 += k1 + 13;
364 b2 += b3 + k0 + t2;
365 b3 = rol64(b3, 33) ^ b2;
366
367 b0 += b3;
368 b3 = rol64(b3, 46) ^ b0;
369
370 b2 += b1;
371 b1 = rol64(b1, 12) ^ b2;
372
373 b0 += b1;
374 b1 = rol64(b1, 58) ^ b0;
375
376 b2 += b3;
377 b3 = rol64(b3, 22) ^ b2;
378
379 b0 += b3;
380 b3 = rol64(b3, 32) ^ b0;
381
382 b2 += b1;
383 b1 = rol64(b1, 32) ^ b2;
384
385
386 b1 += k0 + t2;
387 b0 += b1 + k4;
388 b1 = rol64(b1, 14) ^ b0;
389
390 b3 += k2 + 14;
391 b2 += b3 + k1 + t0;
392 b3 = rol64(b3, 16) ^ b2;
393
394 b0 += b3;
395 b3 = rol64(b3, 52) ^ b0;
396
397 b2 += b1;
398 b1 = rol64(b1, 57) ^ b2;
399
400 b0 += b1;
401 b1 = rol64(b1, 23) ^ b0;
402
403 b2 += b3;
404 b3 = rol64(b3, 40) ^ b2;
405
406 b0 += b3;
407 b3 = rol64(b3, 5) ^ b0;
408
409 b2 += b1;
410 b1 = rol64(b1, 37) ^ b2;
411
412 b1 += k1 + t0;
413 b0 += b1 + k0;
414 b1 = rol64(b1, 25) ^ b0;
415
416 b3 += k3 + 15;
417 b2 += b3 + k2 + t1;
418 b3 = rol64(b3, 33) ^ b2;
419
420 b0 += b3;
421 b3 = rol64(b3, 46) ^ b0;
422
423 b2 += b1;
424 b1 = rol64(b1, 12) ^ b2;
425
426 b0 += b1;
427 b1 = rol64(b1, 58) ^ b0;
428
429 b2 += b3;
430 b3 = rol64(b3, 22) ^ b2;
431
432 b0 += b3;
433 b3 = rol64(b3, 32) ^ b0;
434
435 b2 += b1;
436 b1 = rol64(b1, 32) ^ b2;
437
438
439 b1 += k2 + t1;
440 b0 += b1 + k1;
441 b1 = rol64(b1, 14) ^ b0;
442
443 b3 += k4 + 16;
444 b2 += b3 + k3 + t2;
445 b3 = rol64(b3, 16) ^ b2;
446
447 b0 += b3;
448 b3 = rol64(b3, 52) ^ b0;
449
450 b2 += b1;
451 b1 = rol64(b1, 57) ^ b2;
452
453 b0 += b1;
454 b1 = rol64(b1, 23) ^ b0;
455
456 b2 += b3;
457 b3 = rol64(b3, 40) ^ b2;
458
459 b0 += b3;
460 b3 = rol64(b3, 5) ^ b0;
461
462 b2 += b1;
463 b1 = rol64(b1, 37) ^ b2;
464
465 b1 += k3 + t2;
466 b0 += b1 + k2;
467 b1 = rol64(b1, 25) ^ b0;
468
469 b3 += k0 + 17;
470 b2 += b3 + k4 + t0;
471 b3 = rol64(b3, 33) ^ b2;
472
473 b0 += b3;
474 b3 = rol64(b3, 46) ^ b0;
475
476 b2 += b1;
477 b1 = rol64(b1, 12) ^ b2;
478
479 b0 += b1;
480 b1 = rol64(b1, 58) ^ b0;
481
482 b2 += b3;
483 b3 = rol64(b3, 22) ^ b2;
484
485 b0 += b3;
486 b3 = rol64(b3, 32) ^ b0;
487
488 b2 += b1;
489 b1 = rol64(b1, 32) ^ b2;
490
491 output[0] = b0 + k3;
492 output[1] = b1 + k4 + t0;
493 output[2] = b2 + k0 + t1;
494 output[3] = b3 + k1 + 18;
495 }
496
497 void threefish_decrypt_256(struct threefish_key *key_ctx, u64 *input,
498 u64 *output)
499 {
500 u64 b0 = input[0], b1 = input[1],
501 b2 = input[2], b3 = input[3];
502 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
503 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
504 k4 = key_ctx->key[4];
505 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
506 t2 = key_ctx->tweak[2];
507
508 u64 tmp;
509
510 b0 -= k3;
511 b1 -= k4 + t0;
512 b2 -= k0 + t1;
513 b3 -= k1 + 18;
514 tmp = b3 ^ b0;
515 b3 = (tmp >> 32) | (tmp << (64 - 32));
516 b0 -= b3;
517
518 tmp = b1 ^ b2;
519 b1 = (tmp >> 32) | (tmp << (64 - 32));
520 b2 -= b1;
521
522 tmp = b1 ^ b0;
523 b1 = (tmp >> 58) | (tmp << (64 - 58));
524 b0 -= b1;
525
526 tmp = b3 ^ b2;
527 b3 = (tmp >> 22) | (tmp << (64 - 22));
528 b2 -= b3;
529
530 tmp = b3 ^ b0;
531 b3 = (tmp >> 46) | (tmp << (64 - 46));
532 b0 -= b3;
533
534 tmp = b1 ^ b2;
535 b1 = (tmp >> 12) | (tmp << (64 - 12));
536 b2 -= b1;
537
538 tmp = b1 ^ b0;
539 b1 = (tmp >> 25) | (tmp << (64 - 25));
540 b0 -= b1 + k2;
541 b1 -= k3 + t2;
542
543 tmp = b3 ^ b2;
544 b3 = (tmp >> 33) | (tmp << (64 - 33));
545 b2 -= b3 + k4 + t0;
546 b3 -= k0 + 17;
547
548 tmp = b3 ^ b0;
549 b3 = (tmp >> 5) | (tmp << (64 - 5));
550 b0 -= b3;
551
552 tmp = b1 ^ b2;
553 b1 = (tmp >> 37) | (tmp << (64 - 37));
554 b2 -= b1;
555
556 tmp = b1 ^ b0;
557 b1 = (tmp >> 23) | (tmp << (64 - 23));
558 b0 -= b1;
559
560 tmp = b3 ^ b2;
561 b3 = (tmp >> 40) | (tmp << (64 - 40));
562 b2 -= b3;
563
564 tmp = b3 ^ b0;
565 b3 = (tmp >> 52) | (tmp << (64 - 52));
566 b0 -= b3;
567
568 tmp = b1 ^ b2;
569 b1 = (tmp >> 57) | (tmp << (64 - 57));
570 b2 -= b1;
571
572 tmp = b1 ^ b0;
573 b1 = (tmp >> 14) | (tmp << (64 - 14));
574 b0 -= b1 + k1;
575 b1 -= k2 + t1;
576
577 tmp = b3 ^ b2;
578 b3 = (tmp >> 16) | (tmp << (64 - 16));
579 b2 -= b3 + k3 + t2;
580 b3 -= k4 + 16;
581
582
583 tmp = b3 ^ b0;
584 b3 = (tmp >> 32) | (tmp << (64 - 32));
585 b0 -= b3;
586
587 tmp = b1 ^ b2;
588 b1 = (tmp >> 32) | (tmp << (64 - 32));
589 b2 -= b1;
590
591 tmp = b1 ^ b0;
592 b1 = (tmp >> 58) | (tmp << (64 - 58));
593 b0 -= b1;
594
595 tmp = b3 ^ b2;
596 b3 = (tmp >> 22) | (tmp << (64 - 22));
597 b2 -= b3;
598
599 tmp = b3 ^ b0;
600 b3 = (tmp >> 46) | (tmp << (64 - 46));
601 b0 -= b3;
602
603 tmp = b1 ^ b2;
604 b1 = (tmp >> 12) | (tmp << (64 - 12));
605 b2 -= b1;
606
607 tmp = b1 ^ b0;
608 b1 = (tmp >> 25) | (tmp << (64 - 25));
609 b0 -= b1 + k0;
610 b1 -= k1 + t0;
611
612 tmp = b3 ^ b2;
613 b3 = (tmp >> 33) | (tmp << (64 - 33));
614 b2 -= b3 + k2 + t1;
615 b3 -= k3 + 15;
616
617 tmp = b3 ^ b0;
618 b3 = (tmp >> 5) | (tmp << (64 - 5));
619 b0 -= b3;
620
621 tmp = b1 ^ b2;
622 b1 = (tmp >> 37) | (tmp << (64 - 37));
623 b2 -= b1;
624
625 tmp = b1 ^ b0;
626 b1 = (tmp >> 23) | (tmp << (64 - 23));
627 b0 -= b1;
628
629 tmp = b3 ^ b2;
630 b3 = (tmp >> 40) | (tmp << (64 - 40));
631 b2 -= b3;
632
633 tmp = b3 ^ b0;
634 b3 = (tmp >> 52) | (tmp << (64 - 52));
635 b0 -= b3;
636
637 tmp = b1 ^ b2;
638 b1 = (tmp >> 57) | (tmp << (64 - 57));
639 b2 -= b1;
640
641 tmp = b1 ^ b0;
642 b1 = (tmp >> 14) | (tmp << (64 - 14));
643 b0 -= b1 + k4;
644 b1 -= k0 + t2;
645
646 tmp = b3 ^ b2;
647 b3 = (tmp >> 16) | (tmp << (64 - 16));
648 b2 -= b3 + k1 + t0;
649 b3 -= k2 + 14;
650
651
652 tmp = b3 ^ b0;
653 b3 = (tmp >> 32) | (tmp << (64 - 32));
654 b0 -= b3;
655
656 tmp = b1 ^ b2;
657 b1 = (tmp >> 32) | (tmp << (64 - 32));
658 b2 -= b1;
659
660 tmp = b1 ^ b0;
661 b1 = (tmp >> 58) | (tmp << (64 - 58));
662 b0 -= b1;
663
664 tmp = b3 ^ b2;
665 b3 = (tmp >> 22) | (tmp << (64 - 22));
666 b2 -= b3;
667
668 tmp = b3 ^ b0;
669 b3 = (tmp >> 46) | (tmp << (64 - 46));
670 b0 -= b3;
671
672 tmp = b1 ^ b2;
673 b1 = (tmp >> 12) | (tmp << (64 - 12));
674 b2 -= b1;
675
676 tmp = b1 ^ b0;
677 b1 = (tmp >> 25) | (tmp << (64 - 25));
678 b0 -= b1 + k3;
679 b1 -= k4 + t1;
680
681 tmp = b3 ^ b2;
682 b3 = (tmp >> 33) | (tmp << (64 - 33));
683 b2 -= b3 + k0 + t2;
684 b3 -= k1 + 13;
685
686 tmp = b3 ^ b0;
687 b3 = (tmp >> 5) | (tmp << (64 - 5));
688 b0 -= b3;
689
690 tmp = b1 ^ b2;
691 b1 = (tmp >> 37) | (tmp << (64 - 37));
692 b2 -= b1;
693
694 tmp = b1 ^ b0;
695 b1 = (tmp >> 23) | (tmp << (64 - 23));
696 b0 -= b1;
697
698 tmp = b3 ^ b2;
699 b3 = (tmp >> 40) | (tmp << (64 - 40));
700 b2 -= b3;
701
702 tmp = b3 ^ b0;
703 b3 = (tmp >> 52) | (tmp << (64 - 52));
704 b0 -= b3;
705
706 tmp = b1 ^ b2;
707 b1 = (tmp >> 57) | (tmp << (64 - 57));
708 b2 -= b1;
709
710 tmp = b1 ^ b0;
711 b1 = (tmp >> 14) | (tmp << (64 - 14));
712 b0 -= b1 + k2;
713 b1 -= k3 + t0;
714
715 tmp = b3 ^ b2;
716 b3 = (tmp >> 16) | (tmp << (64 - 16));
717 b2 -= b3 + k4 + t1;
718 b3 -= k0 + 12;
719
720
721 tmp = b3 ^ b0;
722 b3 = (tmp >> 32) | (tmp << (64 - 32));
723 b0 -= b3;
724
725 tmp = b1 ^ b2;
726 b1 = (tmp >> 32) | (tmp << (64 - 32));
727 b2 -= b1;
728
729 tmp = b1 ^ b0;
730 b1 = (tmp >> 58) | (tmp << (64 - 58));
731 b0 -= b1;
732
733 tmp = b3 ^ b2;
734 b3 = (tmp >> 22) | (tmp << (64 - 22));
735 b2 -= b3;
736
737 tmp = b3 ^ b0;
738 b3 = (tmp >> 46) | (tmp << (64 - 46));
739 b0 -= b3;
740
741 tmp = b1 ^ b2;
742 b1 = (tmp >> 12) | (tmp << (64 - 12));
743 b2 -= b1;
744
745 tmp = b1 ^ b0;
746 b1 = (tmp >> 25) | (tmp << (64 - 25));
747 b0 -= b1 + k1;
748 b1 -= k2 + t2;
749
750 tmp = b3 ^ b2;
751 b3 = (tmp >> 33) | (tmp << (64 - 33));
752 b2 -= b3 + k3 + t0;
753 b3 -= k4 + 11;
754
755 tmp = b3 ^ b0;
756 b3 = (tmp >> 5) | (tmp << (64 - 5));
757 b0 -= b3;
758
759 tmp = b1 ^ b2;
760 b1 = (tmp >> 37) | (tmp << (64 - 37));
761 b2 -= b1;
762
763 tmp = b1 ^ b0;
764 b1 = (tmp >> 23) | (tmp << (64 - 23));
765 b0 -= b1;
766
767 tmp = b3 ^ b2;
768 b3 = (tmp >> 40) | (tmp << (64 - 40));
769 b2 -= b3;
770
771 tmp = b3 ^ b0;
772 b3 = (tmp >> 52) | (tmp << (64 - 52));
773 b0 -= b3;
774
775 tmp = b1 ^ b2;
776 b1 = (tmp >> 57) | (tmp << (64 - 57));
777 b2 -= b1;
778
779 tmp = b1 ^ b0;
780 b1 = (tmp >> 14) | (tmp << (64 - 14));
781 b0 -= b1 + k0;
782 b1 -= k1 + t1;
783
784 tmp = b3 ^ b2;
785 b3 = (tmp >> 16) | (tmp << (64 - 16));
786 b2 -= b3 + k2 + t2;
787 b3 -= k3 + 10;
788
789
790 tmp = b3 ^ b0;
791 b3 = (tmp >> 32) | (tmp << (64 - 32));
792 b0 -= b3;
793
794 tmp = b1 ^ b2;
795 b1 = (tmp >> 32) | (tmp << (64 - 32));
796 b2 -= b1;
797
798 tmp = b1 ^ b0;
799 b1 = (tmp >> 58) | (tmp << (64 - 58));
800 b0 -= b1;
801
802 tmp = b3 ^ b2;
803 b3 = (tmp >> 22) | (tmp << (64 - 22));
804 b2 -= b3;
805
806 tmp = b3 ^ b0;
807 b3 = (tmp >> 46) | (tmp << (64 - 46));
808 b0 -= b3;
809
810 tmp = b1 ^ b2;
811 b1 = (tmp >> 12) | (tmp << (64 - 12));
812 b2 -= b1;
813
814 tmp = b1 ^ b0;
815 b1 = (tmp >> 25) | (tmp << (64 - 25));
816 b0 -= b1 + k4;
817 b1 -= k0 + t0;
818
819 tmp = b3 ^ b2;
820 b3 = (tmp >> 33) | (tmp << (64 - 33));
821 b2 -= b3 + k1 + t1;
822 b3 -= k2 + 9;
823
824 tmp = b3 ^ b0;
825 b3 = (tmp >> 5) | (tmp << (64 - 5));
826 b0 -= b3;
827
828 tmp = b1 ^ b2;
829 b1 = (tmp >> 37) | (tmp << (64 - 37));
830 b2 -= b1;
831
832 tmp = b1 ^ b0;
833 b1 = (tmp >> 23) | (tmp << (64 - 23));
834 b0 -= b1;
835
836 tmp = b3 ^ b2;
837 b3 = (tmp >> 40) | (tmp << (64 - 40));
838 b2 -= b3;
839
840 tmp = b3 ^ b0;
841 b3 = (tmp >> 52) | (tmp << (64 - 52));
842 b0 -= b3;
843
844 tmp = b1 ^ b2;
845 b1 = (tmp >> 57) | (tmp << (64 - 57));
846 b2 -= b1;
847
848 tmp = b1 ^ b0;
849 b1 = (tmp >> 14) | (tmp << (64 - 14));
850 b0 -= b1 + k3;
851 b1 -= k4 + t2;
852
853 tmp = b3 ^ b2;
854 b3 = (tmp >> 16) | (tmp << (64 - 16));
855 b2 -= b3 + k0 + t0;
856 b3 -= k1 + 8;
857
858
859 tmp = b3 ^ b0;
860 b3 = (tmp >> 32) | (tmp << (64 - 32));
861 b0 -= b3;
862
863 tmp = b1 ^ b2;
864 b1 = (tmp >> 32) | (tmp << (64 - 32));
865 b2 -= b1;
866
867 tmp = b1 ^ b0;
868 b1 = (tmp >> 58) | (tmp << (64 - 58));
869 b0 -= b1;
870
871 tmp = b3 ^ b2;
872 b3 = (tmp >> 22) | (tmp << (64 - 22));
873 b2 -= b3;
874
875 tmp = b3 ^ b0;
876 b3 = (tmp >> 46) | (tmp << (64 - 46));
877 b0 -= b3;
878
879 tmp = b1 ^ b2;
880 b1 = (tmp >> 12) | (tmp << (64 - 12));
881 b2 -= b1;
882
883 tmp = b1 ^ b0;
884 b1 = (tmp >> 25) | (tmp << (64 - 25));
885 b0 -= b1 + k2;
886 b1 -= k3 + t1;
887
888 tmp = b3 ^ b2;
889 b3 = (tmp >> 33) | (tmp << (64 - 33));
890 b2 -= b3 + k4 + t2;
891 b3 -= k0 + 7;
892
893 tmp = b3 ^ b0;
894 b3 = (tmp >> 5) | (tmp << (64 - 5));
895 b0 -= b3;
896
897 tmp = b1 ^ b2;
898 b1 = (tmp >> 37) | (tmp << (64 - 37));
899 b2 -= b1;
900
901 tmp = b1 ^ b0;
902 b1 = (tmp >> 23) | (tmp << (64 - 23));
903 b0 -= b1;
904
905 tmp = b3 ^ b2;
906 b3 = (tmp >> 40) | (tmp << (64 - 40));
907 b2 -= b3;
908
909 tmp = b3 ^ b0;
910 b3 = (tmp >> 52) | (tmp << (64 - 52));
911 b0 -= b3;
912
913 tmp = b1 ^ b2;
914 b1 = (tmp >> 57) | (tmp << (64 - 57));
915 b2 -= b1;
916
917 tmp = b1 ^ b0;
918 b1 = (tmp >> 14) | (tmp << (64 - 14));
919 b0 -= b1 + k1;
920 b1 -= k2 + t0;
921
922 tmp = b3 ^ b2;
923 b3 = (tmp >> 16) | (tmp << (64 - 16));
924 b2 -= b3 + k3 + t1;
925 b3 -= k4 + 6;
926
927
928 tmp = b3 ^ b0;
929 b3 = (tmp >> 32) | (tmp << (64 - 32));
930 b0 -= b3;
931
932 tmp = b1 ^ b2;
933 b1 = (tmp >> 32) | (tmp << (64 - 32));
934 b2 -= b1;
935
936 tmp = b1 ^ b0;
937 b1 = (tmp >> 58) | (tmp << (64 - 58));
938 b0 -= b1;
939
940 tmp = b3 ^ b2;
941 b3 = (tmp >> 22) | (tmp << (64 - 22));
942 b2 -= b3;
943
944 tmp = b3 ^ b0;
945 b3 = (tmp >> 46) | (tmp << (64 - 46));
946 b0 -= b3;
947
948 tmp = b1 ^ b2;
949 b1 = (tmp >> 12) | (tmp << (64 - 12));
950 b2 -= b1;
951
952 tmp = b1 ^ b0;
953 b1 = (tmp >> 25) | (tmp << (64 - 25));
954 b0 -= b1 + k0;
955 b1 -= k1 + t2;
956
957 tmp = b3 ^ b2;
958 b3 = (tmp >> 33) | (tmp << (64 - 33));
959 b2 -= b3 + k2 + t0;
960 b3 -= k3 + 5;
961
962 tmp = b3 ^ b0;
963 b3 = (tmp >> 5) | (tmp << (64 - 5));
964 b0 -= b3;
965
966 tmp = b1 ^ b2;
967 b1 = (tmp >> 37) | (tmp << (64 - 37));
968 b2 -= b1;
969
970 tmp = b1 ^ b0;
971 b1 = (tmp >> 23) | (tmp << (64 - 23));
972 b0 -= b1;
973
974 tmp = b3 ^ b2;
975 b3 = (tmp >> 40) | (tmp << (64 - 40));
976 b2 -= b3;
977
978 tmp = b3 ^ b0;
979 b3 = (tmp >> 52) | (tmp << (64 - 52));
980 b0 -= b3;
981
982 tmp = b1 ^ b2;
983 b1 = (tmp >> 57) | (tmp << (64 - 57));
984 b2 -= b1;
985
986 tmp = b1 ^ b0;
987 b1 = (tmp >> 14) | (tmp << (64 - 14));
988 b0 -= b1 + k4;
989 b1 -= k0 + t1;
990
991 tmp = b3 ^ b2;
992 b3 = (tmp >> 16) | (tmp << (64 - 16));
993 b2 -= b3 + k1 + t2;
994 b3 -= k2 + 4;
995
996
997 tmp = b3 ^ b0;
998 b3 = (tmp >> 32) | (tmp << (64 - 32));
999 b0 -= b3;
1000
1001 tmp = b1 ^ b2;
1002 b1 = (tmp >> 32) | (tmp << (64 - 32));
1003 b2 -= b1;
1004
1005 tmp = b1 ^ b0;
1006 b1 = (tmp >> 58) | (tmp << (64 - 58));
1007 b0 -= b1;
1008
1009 tmp = b3 ^ b2;
1010 b3 = (tmp >> 22) | (tmp << (64 - 22));
1011 b2 -= b3;
1012
1013 tmp = b3 ^ b0;
1014 b3 = (tmp >> 46) | (tmp << (64 - 46));
1015 b0 -= b3;
1016
1017 tmp = b1 ^ b2;
1018 b1 = (tmp >> 12) | (tmp << (64 - 12));
1019 b2 -= b1;
1020
1021 tmp = b1 ^ b0;
1022 b1 = (tmp >> 25) | (tmp << (64 - 25));
1023 b0 -= b1 + k3;
1024 b1 -= k4 + t0;
1025
1026 tmp = b3 ^ b2;
1027 b3 = (tmp >> 33) | (tmp << (64 - 33));
1028 b2 -= b3 + k0 + t1;
1029 b3 -= k1 + 3;
1030
1031 tmp = b3 ^ b0;
1032 b3 = (tmp >> 5) | (tmp << (64 - 5));
1033 b0 -= b3;
1034
1035 tmp = b1 ^ b2;
1036 b1 = (tmp >> 37) | (tmp << (64 - 37));
1037 b2 -= b1;
1038
1039 tmp = b1 ^ b0;
1040 b1 = (tmp >> 23) | (tmp << (64 - 23));
1041 b0 -= b1;
1042
1043 tmp = b3 ^ b2;
1044 b3 = (tmp >> 40) | (tmp << (64 - 40));
1045 b2 -= b3;
1046
1047 tmp = b3 ^ b0;
1048 b3 = (tmp >> 52) | (tmp << (64 - 52));
1049 b0 -= b3;
1050
1051 tmp = b1 ^ b2;
1052 b1 = (tmp >> 57) | (tmp << (64 - 57));
1053 b2 -= b1;
1054
1055 tmp = b1 ^ b0;
1056 b1 = (tmp >> 14) | (tmp << (64 - 14));
1057 b0 -= b1 + k2;
1058 b1 -= k3 + t2;
1059
1060 tmp = b3 ^ b2;
1061 b3 = (tmp >> 16) | (tmp << (64 - 16));
1062 b2 -= b3 + k4 + t0;
1063 b3 -= k0 + 2;
1064
1065
1066 tmp = b3 ^ b0;
1067 b3 = (tmp >> 32) | (tmp << (64 - 32));
1068 b0 -= b3;
1069
1070 tmp = b1 ^ b2;
1071 b1 = (tmp >> 32) | (tmp << (64 - 32));
1072 b2 -= b1;
1073
1074 tmp = b1 ^ b0;
1075 b1 = (tmp >> 58) | (tmp << (64 - 58));
1076 b0 -= b1;
1077
1078 tmp = b3 ^ b2;
1079 b3 = (tmp >> 22) | (tmp << (64 - 22));
1080 b2 -= b3;
1081
1082 tmp = b3 ^ b0;
1083 b3 = (tmp >> 46) | (tmp << (64 - 46));
1084 b0 -= b3;
1085
1086 tmp = b1 ^ b2;
1087 b1 = (tmp >> 12) | (tmp << (64 - 12));
1088 b2 -= b1;
1089
1090 tmp = b1 ^ b0;
1091 b1 = (tmp >> 25) | (tmp << (64 - 25));
1092 b0 -= b1 + k1;
1093 b1 -= k2 + t1;
1094
1095 tmp = b3 ^ b2;
1096 b3 = (tmp >> 33) | (tmp << (64 - 33));
1097 b2 -= b3 + k3 + t2;
1098 b3 -= k4 + 1;
1099
1100 tmp = b3 ^ b0;
1101 b3 = (tmp >> 5) | (tmp << (64 - 5));
1102 b0 -= b3;
1103
1104 tmp = b1 ^ b2;
1105 b1 = (tmp >> 37) | (tmp << (64 - 37));
1106 b2 -= b1;
1107
1108 tmp = b1 ^ b0;
1109 b1 = (tmp >> 23) | (tmp << (64 - 23));
1110 b0 -= b1;
1111
1112 tmp = b3 ^ b2;
1113 b3 = (tmp >> 40) | (tmp << (64 - 40));
1114 b2 -= b3;
1115
1116 tmp = b3 ^ b0;
1117 b3 = (tmp >> 52) | (tmp << (64 - 52));
1118 b0 -= b3;
1119
1120 tmp = b1 ^ b2;
1121 b1 = (tmp >> 57) | (tmp << (64 - 57));
1122 b2 -= b1;
1123
1124 tmp = b1 ^ b0;
1125 b1 = (tmp >> 14) | (tmp << (64 - 14));
1126 b0 -= b1 + k0;
1127 b1 -= k1 + t0;
1128
1129 tmp = b3 ^ b2;
1130 b3 = (tmp >> 16) | (tmp << (64 - 16));
1131 b2 -= b3 + k2 + t1;
1132 b3 -= k3;
1133
1134 output[0] = b0;
1135 output[1] = b1;
1136 output[2] = b2;
1137 output[3] = b3;
1138 }
1139
1140 void threefish_encrypt_512(struct threefish_key *key_ctx, u64 *input,
1141 u64 *output)
1142 {
1143 u64 b0 = input[0], b1 = input[1],
1144 b2 = input[2], b3 = input[3],
1145 b4 = input[4], b5 = input[5],
1146 b6 = input[6], b7 = input[7];
1147 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
1148 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
1149 k4 = key_ctx->key[4], k5 = key_ctx->key[5],
1150 k6 = key_ctx->key[6], k7 = key_ctx->key[7],
1151 k8 = key_ctx->key[8];
1152 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
1153 t2 = key_ctx->tweak[2];
1154
1155 b1 += k1;
1156 b0 += b1 + k0;
1157 b1 = rol64(b1, 46) ^ b0;
1158
1159 b3 += k3;
1160 b2 += b3 + k2;
1161 b3 = rol64(b3, 36) ^ b2;
1162
1163 b5 += k5 + t0;
1164 b4 += b5 + k4;
1165 b5 = rol64(b5, 19) ^ b4;
1166
1167 b7 += k7;
1168 b6 += b7 + k6 + t1;
1169 b7 = rol64(b7, 37) ^ b6;
1170
1171 b2 += b1;
1172 b1 = rol64(b1, 33) ^ b2;
1173
1174 b4 += b7;
1175 b7 = rol64(b7, 27) ^ b4;
1176
1177 b6 += b5;
1178 b5 = rol64(b5, 14) ^ b6;
1179
1180 b0 += b3;
1181 b3 = rol64(b3, 42) ^ b0;
1182
1183 b4 += b1;
1184 b1 = rol64(b1, 17) ^ b4;
1185
1186 b6 += b3;
1187 b3 = rol64(b3, 49) ^ b6;
1188
1189 b0 += b5;
1190 b5 = rol64(b5, 36) ^ b0;
1191
1192 b2 += b7;
1193 b7 = rol64(b7, 39) ^ b2;
1194
1195 b6 += b1;
1196 b1 = rol64(b1, 44) ^ b6;
1197
1198 b0 += b7;
1199 b7 = rol64(b7, 9) ^ b0;
1200
1201 b2 += b5;
1202 b5 = rol64(b5, 54) ^ b2;
1203
1204 b4 += b3;
1205 b3 = rol64(b3, 56) ^ b4;
1206
1207 b1 += k2;
1208 b0 += b1 + k1;
1209 b1 = rol64(b1, 39) ^ b0;
1210
1211 b3 += k4;
1212 b2 += b3 + k3;
1213 b3 = rol64(b3, 30) ^ b2;
1214
1215 b5 += k6 + t1;
1216 b4 += b5 + k5;
1217 b5 = rol64(b5, 34) ^ b4;
1218
1219 b7 += k8 + 1;
1220 b6 += b7 + k7 + t2;
1221 b7 = rol64(b7, 24) ^ b6;
1222
1223 b2 += b1;
1224 b1 = rol64(b1, 13) ^ b2;
1225
1226 b4 += b7;
1227 b7 = rol64(b7, 50) ^ b4;
1228
1229 b6 += b5;
1230 b5 = rol64(b5, 10) ^ b6;
1231
1232 b0 += b3;
1233 b3 = rol64(b3, 17) ^ b0;
1234
1235 b4 += b1;
1236 b1 = rol64(b1, 25) ^ b4;
1237
1238 b6 += b3;
1239 b3 = rol64(b3, 29) ^ b6;
1240
1241 b0 += b5;
1242 b5 = rol64(b5, 39) ^ b0;
1243
1244 b2 += b7;
1245 b7 = rol64(b7, 43) ^ b2;
1246
1247 b6 += b1;
1248 b1 = rol64(b1, 8) ^ b6;
1249
1250 b0 += b7;
1251 b7 = rol64(b7, 35) ^ b0;
1252
1253 b2 += b5;
1254 b5 = rol64(b5, 56) ^ b2;
1255
1256 b4 += b3;
1257 b3 = rol64(b3, 22) ^ b4;
1258
1259 b1 += k3;
1260 b0 += b1 + k2;
1261 b1 = rol64(b1, 46) ^ b0;
1262
1263 b3 += k5;
1264 b2 += b3 + k4;
1265 b3 = rol64(b3, 36) ^ b2;
1266
1267 b5 += k7 + t2;
1268 b4 += b5 + k6;
1269 b5 = rol64(b5, 19) ^ b4;
1270
1271 b7 += k0 + 2;
1272 b6 += b7 + k8 + t0;
1273 b7 = rol64(b7, 37) ^ b6;
1274
1275 b2 += b1;
1276 b1 = rol64(b1, 33) ^ b2;
1277
1278 b4 += b7;
1279 b7 = rol64(b7, 27) ^ b4;
1280
1281 b6 += b5;
1282 b5 = rol64(b5, 14) ^ b6;
1283
1284 b0 += b3;
1285 b3 = rol64(b3, 42) ^ b0;
1286
1287 b4 += b1;
1288 b1 = rol64(b1, 17) ^ b4;
1289
1290 b6 += b3;
1291 b3 = rol64(b3, 49) ^ b6;
1292
1293 b0 += b5;
1294 b5 = rol64(b5, 36) ^ b0;
1295
1296 b2 += b7;
1297 b7 = rol64(b7, 39) ^ b2;
1298
1299 b6 += b1;
1300 b1 = rol64(b1, 44) ^ b6;
1301
1302 b0 += b7;
1303 b7 = rol64(b7, 9) ^ b0;
1304
1305 b2 += b5;
1306 b5 = rol64(b5, 54) ^ b2;
1307
1308 b4 += b3;
1309 b3 = rol64(b3, 56) ^ b4;
1310
1311 b1 += k4;
1312 b0 += b1 + k3;
1313 b1 = rol64(b1, 39) ^ b0;
1314
1315 b3 += k6;
1316 b2 += b3 + k5;
1317 b3 = rol64(b3, 30) ^ b2;
1318
1319 b5 += k8 + t0;
1320 b4 += b5 + k7;
1321 b5 = rol64(b5, 34) ^ b4;
1322
1323 b7 += k1 + 3;
1324 b6 += b7 + k0 + t1;
1325 b7 = rol64(b7, 24) ^ b6;
1326
1327 b2 += b1;
1328 b1 = rol64(b1, 13) ^ b2;
1329
1330 b4 += b7;
1331 b7 = rol64(b7, 50) ^ b4;
1332
1333 b6 += b5;
1334 b5 = rol64(b5, 10) ^ b6;
1335
1336 b0 += b3;
1337 b3 = rol64(b3, 17) ^ b0;
1338
1339 b4 += b1;
1340 b1 = rol64(b1, 25) ^ b4;
1341
1342 b6 += b3;
1343 b3 = rol64(b3, 29) ^ b6;
1344
1345 b0 += b5;
1346 b5 = rol64(b5, 39) ^ b0;
1347
1348 b2 += b7;
1349 b7 = rol64(b7, 43) ^ b2;
1350
1351 b6 += b1;
1352 b1 = rol64(b1, 8) ^ b6;
1353
1354 b0 += b7;
1355 b7 = rol64(b7, 35) ^ b0;
1356
1357 b2 += b5;
1358 b5 = rol64(b5, 56) ^ b2;
1359
1360 b4 += b3;
1361 b3 = rol64(b3, 22) ^ b4;
1362
1363 b1 += k5;
1364 b0 += b1 + k4;
1365 b1 = rol64(b1, 46) ^ b0;
1366
1367 b3 += k7;
1368 b2 += b3 + k6;
1369 b3 = rol64(b3, 36) ^ b2;
1370
1371 b5 += k0 + t1;
1372 b4 += b5 + k8;
1373 b5 = rol64(b5, 19) ^ b4;
1374
1375 b7 += k2 + 4;
1376 b6 += b7 + k1 + t2;
1377 b7 = rol64(b7, 37) ^ b6;
1378
1379 b2 += b1;
1380 b1 = rol64(b1, 33) ^ b2;
1381
1382 b4 += b7;
1383 b7 = rol64(b7, 27) ^ b4;
1384
1385 b6 += b5;
1386 b5 = rol64(b5, 14) ^ b6;
1387
1388 b0 += b3;
1389 b3 = rol64(b3, 42) ^ b0;
1390
1391 b4 += b1;
1392 b1 = rol64(b1, 17) ^ b4;
1393
1394 b6 += b3;
1395 b3 = rol64(b3, 49) ^ b6;
1396
1397 b0 += b5;
1398 b5 = rol64(b5, 36) ^ b0;
1399
1400 b2 += b7;
1401 b7 = rol64(b7, 39) ^ b2;
1402
1403 b6 += b1;
1404 b1 = rol64(b1, 44) ^ b6;
1405
1406 b0 += b7;
1407 b7 = rol64(b7, 9) ^ b0;
1408
1409 b2 += b5;
1410 b5 = rol64(b5, 54) ^ b2;
1411
1412 b4 += b3;
1413 b3 = rol64(b3, 56) ^ b4;
1414
1415 b1 += k6;
1416 b0 += b1 + k5;
1417 b1 = rol64(b1, 39) ^ b0;
1418
1419 b3 += k8;
1420 b2 += b3 + k7;
1421 b3 = rol64(b3, 30) ^ b2;
1422
1423 b5 += k1 + t2;
1424 b4 += b5 + k0;
1425 b5 = rol64(b5, 34) ^ b4;
1426
1427 b7 += k3 + 5;
1428 b6 += b7 + k2 + t0;
1429 b7 = rol64(b7, 24) ^ b6;
1430
1431 b2 += b1;
1432 b1 = rol64(b1, 13) ^ b2;
1433
1434 b4 += b7;
1435 b7 = rol64(b7, 50) ^ b4;
1436
1437 b6 += b5;
1438 b5 = rol64(b5, 10) ^ b6;
1439
1440 b0 += b3;
1441 b3 = rol64(b3, 17) ^ b0;
1442
1443 b4 += b1;
1444 b1 = rol64(b1, 25) ^ b4;
1445
1446 b6 += b3;
1447 b3 = rol64(b3, 29) ^ b6;
1448
1449 b0 += b5;
1450 b5 = rol64(b5, 39) ^ b0;
1451
1452 b2 += b7;
1453 b7 = rol64(b7, 43) ^ b2;
1454
1455 b6 += b1;
1456 b1 = rol64(b1, 8) ^ b6;
1457
1458 b0 += b7;
1459 b7 = rol64(b7, 35) ^ b0;
1460
1461 b2 += b5;
1462 b5 = rol64(b5, 56) ^ b2;
1463
1464 b4 += b3;
1465 b3 = rol64(b3, 22) ^ b4;
1466
1467 b1 += k7;
1468 b0 += b1 + k6;
1469 b1 = rol64(b1, 46) ^ b0;
1470
1471 b3 += k0;
1472 b2 += b3 + k8;
1473 b3 = rol64(b3, 36) ^ b2;
1474
1475 b5 += k2 + t0;
1476 b4 += b5 + k1;
1477 b5 = rol64(b5, 19) ^ b4;
1478
1479 b7 += k4 + 6;
1480 b6 += b7 + k3 + t1;
1481 b7 = rol64(b7, 37) ^ b6;
1482
1483 b2 += b1;
1484 b1 = rol64(b1, 33) ^ b2;
1485
1486 b4 += b7;
1487 b7 = rol64(b7, 27) ^ b4;
1488
1489 b6 += b5;
1490 b5 = rol64(b5, 14) ^ b6;
1491
1492 b0 += b3;
1493 b3 = rol64(b3, 42) ^ b0;
1494
1495 b4 += b1;
1496 b1 = rol64(b1, 17) ^ b4;
1497
1498 b6 += b3;
1499 b3 = rol64(b3, 49) ^ b6;
1500
1501 b0 += b5;
1502 b5 = rol64(b5, 36) ^ b0;
1503
1504 b2 += b7;
1505 b7 = rol64(b7, 39) ^ b2;
1506
1507 b6 += b1;
1508 b1 = rol64(b1, 44) ^ b6;
1509
1510 b0 += b7;
1511 b7 = rol64(b7, 9) ^ b0;
1512
1513 b2 += b5;
1514 b5 = rol64(b5, 54) ^ b2;
1515
1516 b4 += b3;
1517 b3 = rol64(b3, 56) ^ b4;
1518
1519 b1 += k8;
1520 b0 += b1 + k7;
1521 b1 = rol64(b1, 39) ^ b0;
1522
1523 b3 += k1;
1524 b2 += b3 + k0;
1525 b3 = rol64(b3, 30) ^ b2;
1526
1527 b5 += k3 + t1;
1528 b4 += b5 + k2;
1529 b5 = rol64(b5, 34) ^ b4;
1530
1531 b7 += k5 + 7;
1532 b6 += b7 + k4 + t2;
1533 b7 = rol64(b7, 24) ^ b6;
1534
1535 b2 += b1;
1536 b1 = rol64(b1, 13) ^ b2;
1537
1538 b4 += b7;
1539 b7 = rol64(b7, 50) ^ b4;
1540
1541 b6 += b5;
1542 b5 = rol64(b5, 10) ^ b6;
1543
1544 b0 += b3;
1545 b3 = rol64(b3, 17) ^ b0;
1546
1547 b4 += b1;
1548 b1 = rol64(b1, 25) ^ b4;
1549
1550 b6 += b3;
1551 b3 = rol64(b3, 29) ^ b6;
1552
1553 b0 += b5;
1554 b5 = rol64(b5, 39) ^ b0;
1555
1556 b2 += b7;
1557 b7 = rol64(b7, 43) ^ b2;
1558
1559 b6 += b1;
1560 b1 = rol64(b1, 8) ^ b6;
1561
1562 b0 += b7;
1563 b7 = rol64(b7, 35) ^ b0;
1564
1565 b2 += b5;
1566 b5 = rol64(b5, 56) ^ b2;
1567
1568 b4 += b3;
1569 b3 = rol64(b3, 22) ^ b4;
1570
1571 b1 += k0;
1572 b0 += b1 + k8;
1573 b1 = rol64(b1, 46) ^ b0;
1574
1575 b3 += k2;
1576 b2 += b3 + k1;
1577 b3 = rol64(b3, 36) ^ b2;
1578
1579 b5 += k4 + t2;
1580 b4 += b5 + k3;
1581 b5 = rol64(b5, 19) ^ b4;
1582
1583 b7 += k6 + 8;
1584 b6 += b7 + k5 + t0;
1585 b7 = rol64(b7, 37) ^ b6;
1586
1587 b2 += b1;
1588 b1 = rol64(b1, 33) ^ b2;
1589
1590 b4 += b7;
1591 b7 = rol64(b7, 27) ^ b4;
1592
1593 b6 += b5;
1594 b5 = rol64(b5, 14) ^ b6;
1595
1596 b0 += b3;
1597 b3 = rol64(b3, 42) ^ b0;
1598
1599 b4 += b1;
1600 b1 = rol64(b1, 17) ^ b4;
1601
1602 b6 += b3;
1603 b3 = rol64(b3, 49) ^ b6;
1604
1605 b0 += b5;
1606 b5 = rol64(b5, 36) ^ b0;
1607
1608 b2 += b7;
1609 b7 = rol64(b7, 39) ^ b2;
1610
1611 b6 += b1;
1612 b1 = rol64(b1, 44) ^ b6;
1613
1614 b0 += b7;
1615 b7 = rol64(b7, 9) ^ b0;
1616
1617 b2 += b5;
1618 b5 = rol64(b5, 54) ^ b2;
1619
1620 b4 += b3;
1621 b3 = rol64(b3, 56) ^ b4;
1622
1623 b1 += k1;
1624 b0 += b1 + k0;
1625 b1 = rol64(b1, 39) ^ b0;
1626
1627 b3 += k3;
1628 b2 += b3 + k2;
1629 b3 = rol64(b3, 30) ^ b2;
1630
1631 b5 += k5 + t0;
1632 b4 += b5 + k4;
1633 b5 = rol64(b5, 34) ^ b4;
1634
1635 b7 += k7 + 9;
1636 b6 += b7 + k6 + t1;
1637 b7 = rol64(b7, 24) ^ b6;
1638
1639 b2 += b1;
1640 b1 = rol64(b1, 13) ^ b2;
1641
1642 b4 += b7;
1643 b7 = rol64(b7, 50) ^ b4;
1644
1645 b6 += b5;
1646 b5 = rol64(b5, 10) ^ b6;
1647
1648 b0 += b3;
1649 b3 = rol64(b3, 17) ^ b0;
1650
1651 b4 += b1;
1652 b1 = rol64(b1, 25) ^ b4;
1653
1654 b6 += b3;
1655 b3 = rol64(b3, 29) ^ b6;
1656
1657 b0 += b5;
1658 b5 = rol64(b5, 39) ^ b0;
1659
1660 b2 += b7;
1661 b7 = rol64(b7, 43) ^ b2;
1662
1663 b6 += b1;
1664 b1 = rol64(b1, 8) ^ b6;
1665
1666 b0 += b7;
1667 b7 = rol64(b7, 35) ^ b0;
1668
1669 b2 += b5;
1670 b5 = rol64(b5, 56) ^ b2;
1671
1672 b4 += b3;
1673 b3 = rol64(b3, 22) ^ b4;
1674
1675 b1 += k2;
1676 b0 += b1 + k1;
1677 b1 = rol64(b1, 46) ^ b0;
1678
1679 b3 += k4;
1680 b2 += b3 + k3;
1681 b3 = rol64(b3, 36) ^ b2;
1682
1683 b5 += k6 + t1;
1684 b4 += b5 + k5;
1685 b5 = rol64(b5, 19) ^ b4;
1686
1687 b7 += k8 + 10;
1688 b6 += b7 + k7 + t2;
1689 b7 = rol64(b7, 37) ^ b6;
1690
1691 b2 += b1;
1692 b1 = rol64(b1, 33) ^ b2;
1693
1694 b4 += b7;
1695 b7 = rol64(b7, 27) ^ b4;
1696
1697 b6 += b5;
1698 b5 = rol64(b5, 14) ^ b6;
1699
1700 b0 += b3;
1701 b3 = rol64(b3, 42) ^ b0;
1702
1703 b4 += b1;
1704 b1 = rol64(b1, 17) ^ b4;
1705
1706 b6 += b3;
1707 b3 = rol64(b3, 49) ^ b6;
1708
1709 b0 += b5;
1710 b5 = rol64(b5, 36) ^ b0;
1711
1712 b2 += b7;
1713 b7 = rol64(b7, 39) ^ b2;
1714
1715 b6 += b1;
1716 b1 = rol64(b1, 44) ^ b6;
1717
1718 b0 += b7;
1719 b7 = rol64(b7, 9) ^ b0;
1720
1721 b2 += b5;
1722 b5 = rol64(b5, 54) ^ b2;
1723
1724 b4 += b3;
1725 b3 = rol64(b3, 56) ^ b4;
1726
1727 b1 += k3;
1728 b0 += b1 + k2;
1729 b1 = rol64(b1, 39) ^ b0;
1730
1731 b3 += k5;
1732 b2 += b3 + k4;
1733 b3 = rol64(b3, 30) ^ b2;
1734
1735 b5 += k7 + t2;
1736 b4 += b5 + k6;
1737 b5 = rol64(b5, 34) ^ b4;
1738
1739 b7 += k0 + 11;
1740 b6 += b7 + k8 + t0;
1741 b7 = rol64(b7, 24) ^ b6;
1742
1743 b2 += b1;
1744 b1 = rol64(b1, 13) ^ b2;
1745
1746 b4 += b7;
1747 b7 = rol64(b7, 50) ^ b4;
1748
1749 b6 += b5;
1750 b5 = rol64(b5, 10) ^ b6;
1751
1752 b0 += b3;
1753 b3 = rol64(b3, 17) ^ b0;
1754
1755 b4 += b1;
1756 b1 = rol64(b1, 25) ^ b4;
1757
1758 b6 += b3;
1759 b3 = rol64(b3, 29) ^ b6;
1760
1761 b0 += b5;
1762 b5 = rol64(b5, 39) ^ b0;
1763
1764 b2 += b7;
1765 b7 = rol64(b7, 43) ^ b2;
1766
1767 b6 += b1;
1768 b1 = rol64(b1, 8) ^ b6;
1769
1770 b0 += b7;
1771 b7 = rol64(b7, 35) ^ b0;
1772
1773 b2 += b5;
1774 b5 = rol64(b5, 56) ^ b2;
1775
1776 b4 += b3;
1777 b3 = rol64(b3, 22) ^ b4;
1778
1779 b1 += k4;
1780 b0 += b1 + k3;
1781 b1 = rol64(b1, 46) ^ b0;
1782
1783 b3 += k6;
1784 b2 += b3 + k5;
1785 b3 = rol64(b3, 36) ^ b2;
1786
1787 b5 += k8 + t0;
1788 b4 += b5 + k7;
1789 b5 = rol64(b5, 19) ^ b4;
1790
1791 b7 += k1 + 12;
1792 b6 += b7 + k0 + t1;
1793 b7 = rol64(b7, 37) ^ b6;
1794
1795 b2 += b1;
1796 b1 = rol64(b1, 33) ^ b2;
1797
1798 b4 += b7;
1799 b7 = rol64(b7, 27) ^ b4;
1800
1801 b6 += b5;
1802 b5 = rol64(b5, 14) ^ b6;
1803
1804 b0 += b3;
1805 b3 = rol64(b3, 42) ^ b0;
1806
1807 b4 += b1;
1808 b1 = rol64(b1, 17) ^ b4;
1809
1810 b6 += b3;
1811 b3 = rol64(b3, 49) ^ b6;
1812
1813 b0 += b5;
1814 b5 = rol64(b5, 36) ^ b0;
1815
1816 b2 += b7;
1817 b7 = rol64(b7, 39) ^ b2;
1818
1819 b6 += b1;
1820 b1 = rol64(b1, 44) ^ b6;
1821
1822 b0 += b7;
1823 b7 = rol64(b7, 9) ^ b0;
1824
1825 b2 += b5;
1826 b5 = rol64(b5, 54) ^ b2;
1827
1828 b4 += b3;
1829 b3 = rol64(b3, 56) ^ b4;
1830
1831 b1 += k5;
1832 b0 += b1 + k4;
1833 b1 = rol64(b1, 39) ^ b0;
1834
1835 b3 += k7;
1836 b2 += b3 + k6;
1837 b3 = rol64(b3, 30) ^ b2;
1838
1839 b5 += k0 + t1;
1840 b4 += b5 + k8;
1841 b5 = rol64(b5, 34) ^ b4;
1842
1843 b7 += k2 + 13;
1844 b6 += b7 + k1 + t2;
1845 b7 = rol64(b7, 24) ^ b6;
1846
1847 b2 += b1;
1848 b1 = rol64(b1, 13) ^ b2;
1849
1850 b4 += b7;
1851 b7 = rol64(b7, 50) ^ b4;
1852
1853 b6 += b5;
1854 b5 = rol64(b5, 10) ^ b6;
1855
1856 b0 += b3;
1857 b3 = rol64(b3, 17) ^ b0;
1858
1859 b4 += b1;
1860 b1 = rol64(b1, 25) ^ b4;
1861
1862 b6 += b3;
1863 b3 = rol64(b3, 29) ^ b6;
1864
1865 b0 += b5;
1866 b5 = rol64(b5, 39) ^ b0;
1867
1868 b2 += b7;
1869 b7 = rol64(b7, 43) ^ b2;
1870
1871 b6 += b1;
1872 b1 = rol64(b1, 8) ^ b6;
1873
1874 b0 += b7;
1875 b7 = rol64(b7, 35) ^ b0;
1876
1877 b2 += b5;
1878 b5 = rol64(b5, 56) ^ b2;
1879
1880 b4 += b3;
1881 b3 = rol64(b3, 22) ^ b4;
1882
1883 b1 += k6;
1884 b0 += b1 + k5;
1885 b1 = rol64(b1, 46) ^ b0;
1886
1887 b3 += k8;
1888 b2 += b3 + k7;
1889 b3 = rol64(b3, 36) ^ b2;
1890
1891 b5 += k1 + t2;
1892 b4 += b5 + k0;
1893 b5 = rol64(b5, 19) ^ b4;
1894
1895 b7 += k3 + 14;
1896 b6 += b7 + k2 + t0;
1897 b7 = rol64(b7, 37) ^ b6;
1898
1899 b2 += b1;
1900 b1 = rol64(b1, 33) ^ b2;
1901
1902 b4 += b7;
1903 b7 = rol64(b7, 27) ^ b4;
1904
1905 b6 += b5;
1906 b5 = rol64(b5, 14) ^ b6;
1907
1908 b0 += b3;
1909 b3 = rol64(b3, 42) ^ b0;
1910
1911 b4 += b1;
1912 b1 = rol64(b1, 17) ^ b4;
1913
1914 b6 += b3;
1915 b3 = rol64(b3, 49) ^ b6;
1916
1917 b0 += b5;
1918 b5 = rol64(b5, 36) ^ b0;
1919
1920 b2 += b7;
1921 b7 = rol64(b7, 39) ^ b2;
1922
1923 b6 += b1;
1924 b1 = rol64(b1, 44) ^ b6;
1925
1926 b0 += b7;
1927 b7 = rol64(b7, 9) ^ b0;
1928
1929 b2 += b5;
1930 b5 = rol64(b5, 54) ^ b2;
1931
1932 b4 += b3;
1933 b3 = rol64(b3, 56) ^ b4;
1934
1935 b1 += k7;
1936 b0 += b1 + k6;
1937 b1 = rol64(b1, 39) ^ b0;
1938
1939 b3 += k0;
1940 b2 += b3 + k8;
1941 b3 = rol64(b3, 30) ^ b2;
1942
1943 b5 += k2 + t0;
1944 b4 += b5 + k1;
1945 b5 = rol64(b5, 34) ^ b4;
1946
1947 b7 += k4 + 15;
1948 b6 += b7 + k3 + t1;
1949 b7 = rol64(b7, 24) ^ b6;
1950
1951 b2 += b1;
1952 b1 = rol64(b1, 13) ^ b2;
1953
1954 b4 += b7;
1955 b7 = rol64(b7, 50) ^ b4;
1956
1957 b6 += b5;
1958 b5 = rol64(b5, 10) ^ b6;
1959
1960 b0 += b3;
1961 b3 = rol64(b3, 17) ^ b0;
1962
1963 b4 += b1;
1964 b1 = rol64(b1, 25) ^ b4;
1965
1966 b6 += b3;
1967 b3 = rol64(b3, 29) ^ b6;
1968
1969 b0 += b5;
1970 b5 = rol64(b5, 39) ^ b0;
1971
1972 b2 += b7;
1973 b7 = rol64(b7, 43) ^ b2;
1974
1975 b6 += b1;
1976 b1 = rol64(b1, 8) ^ b6;
1977
1978 b0 += b7;
1979 b7 = rol64(b7, 35) ^ b0;
1980
1981 b2 += b5;
1982 b5 = rol64(b5, 56) ^ b2;
1983
1984 b4 += b3;
1985 b3 = rol64(b3, 22) ^ b4;
1986
1987 b1 += k8;
1988 b0 += b1 + k7;
1989 b1 = rol64(b1, 46) ^ b0;
1990
1991 b3 += k1;
1992 b2 += b3 + k0;
1993 b3 = rol64(b3, 36) ^ b2;
1994
1995 b5 += k3 + t1;
1996 b4 += b5 + k2;
1997 b5 = rol64(b5, 19) ^ b4;
1998
1999 b7 += k5 + 16;
2000 b6 += b7 + k4 + t2;
2001 b7 = rol64(b7, 37) ^ b6;
2002
2003 b2 += b1;
2004 b1 = rol64(b1, 33) ^ b2;
2005
2006 b4 += b7;
2007 b7 = rol64(b7, 27) ^ b4;
2008
2009 b6 += b5;
2010 b5 = rol64(b5, 14) ^ b6;
2011
2012 b0 += b3;
2013 b3 = rol64(b3, 42) ^ b0;
2014
2015 b4 += b1;
2016 b1 = rol64(b1, 17) ^ b4;
2017
2018 b6 += b3;
2019 b3 = rol64(b3, 49) ^ b6;
2020
2021 b0 += b5;
2022 b5 = rol64(b5, 36) ^ b0;
2023
2024 b2 += b7;
2025 b7 = rol64(b7, 39) ^ b2;
2026
2027 b6 += b1;
2028 b1 = rol64(b1, 44) ^ b6;
2029
2030 b0 += b7;
2031 b7 = rol64(b7, 9) ^ b0;
2032
2033 b2 += b5;
2034 b5 = rol64(b5, 54) ^ b2;
2035
2036 b4 += b3;
2037 b3 = rol64(b3, 56) ^ b4;
2038
2039 b1 += k0;
2040 b0 += b1 + k8;
2041 b1 = rol64(b1, 39) ^ b0;
2042
2043 b3 += k2;
2044 b2 += b3 + k1;
2045 b3 = rol64(b3, 30) ^ b2;
2046
2047 b5 += k4 + t2;
2048 b4 += b5 + k3;
2049 b5 = rol64(b5, 34) ^ b4;
2050
2051 b7 += k6 + 17;
2052 b6 += b7 + k5 + t0;
2053 b7 = rol64(b7, 24) ^ b6;
2054
2055 b2 += b1;
2056 b1 = rol64(b1, 13) ^ b2;
2057
2058 b4 += b7;
2059 b7 = rol64(b7, 50) ^ b4;
2060
2061 b6 += b5;
2062 b5 = rol64(b5, 10) ^ b6;
2063
2064 b0 += b3;
2065 b3 = rol64(b3, 17) ^ b0;
2066
2067 b4 += b1;
2068 b1 = rol64(b1, 25) ^ b4;
2069
2070 b6 += b3;
2071 b3 = rol64(b3, 29) ^ b6;
2072
2073 b0 += b5;
2074 b5 = rol64(b5, 39) ^ b0;
2075
2076 b2 += b7;
2077 b7 = rol64(b7, 43) ^ b2;
2078
2079 b6 += b1;
2080 b1 = rol64(b1, 8) ^ b6;
2081
2082 b0 += b7;
2083 b7 = rol64(b7, 35) ^ b0;
2084
2085 b2 += b5;
2086 b5 = rol64(b5, 56) ^ b2;
2087
2088 b4 += b3;
2089 b3 = rol64(b3, 22) ^ b4;
2090
2091 output[0] = b0 + k0;
2092 output[1] = b1 + k1;
2093 output[2] = b2 + k2;
2094 output[3] = b3 + k3;
2095 output[4] = b4 + k4;
2096 output[5] = b5 + k5 + t0;
2097 output[6] = b6 + k6 + t1;
2098 output[7] = b7 + k7 + 18;
2099 }
2100
2101 void threefish_decrypt_512(struct threefish_key *key_ctx, u64 *input,
2102 u64 *output)
2103 {
2104 u64 b0 = input[0], b1 = input[1],
2105 b2 = input[2], b3 = input[3],
2106 b4 = input[4], b5 = input[5],
2107 b6 = input[6], b7 = input[7];
2108 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
2109 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
2110 k4 = key_ctx->key[4], k5 = key_ctx->key[5],
2111 k6 = key_ctx->key[6], k7 = key_ctx->key[7],
2112 k8 = key_ctx->key[8];
2113 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
2114 t2 = key_ctx->tweak[2];
2115
2116 u64 tmp;
2117
2118 b0 -= k0;
2119 b1 -= k1;
2120 b2 -= k2;
2121 b3 -= k3;
2122 b4 -= k4;
2123 b5 -= k5 + t0;
2124 b6 -= k6 + t1;
2125 b7 -= k7 + 18;
2126
2127 tmp = b3 ^ b4;
2128 b3 = (tmp >> 22) | (tmp << (64 - 22));
2129 b4 -= b3;
2130
2131 tmp = b5 ^ b2;
2132 b5 = (tmp >> 56) | (tmp << (64 - 56));
2133 b2 -= b5;
2134
2135 tmp = b7 ^ b0;
2136 b7 = (tmp >> 35) | (tmp << (64 - 35));
2137 b0 -= b7;
2138
2139 tmp = b1 ^ b6;
2140 b1 = (tmp >> 8) | (tmp << (64 - 8));
2141 b6 -= b1;
2142
2143 tmp = b7 ^ b2;
2144 b7 = (tmp >> 43) | (tmp << (64 - 43));
2145 b2 -= b7;
2146
2147 tmp = b5 ^ b0;
2148 b5 = (tmp >> 39) | (tmp << (64 - 39));
2149 b0 -= b5;
2150
2151 tmp = b3 ^ b6;
2152 b3 = (tmp >> 29) | (tmp << (64 - 29));
2153 b6 -= b3;
2154
2155 tmp = b1 ^ b4;
2156 b1 = (tmp >> 25) | (tmp << (64 - 25));
2157 b4 -= b1;
2158
2159 tmp = b3 ^ b0;
2160 b3 = (tmp >> 17) | (tmp << (64 - 17));
2161 b0 -= b3;
2162
2163 tmp = b5 ^ b6;
2164 b5 = (tmp >> 10) | (tmp << (64 - 10));
2165 b6 -= b5;
2166
2167 tmp = b7 ^ b4;
2168 b7 = (tmp >> 50) | (tmp << (64 - 50));
2169 b4 -= b7;
2170
2171 tmp = b1 ^ b2;
2172 b1 = (tmp >> 13) | (tmp << (64 - 13));
2173 b2 -= b1;
2174
2175 tmp = b7 ^ b6;
2176 b7 = (tmp >> 24) | (tmp << (64 - 24));
2177 b6 -= b7 + k5 + t0;
2178 b7 -= k6 + 17;
2179
2180 tmp = b5 ^ b4;
2181 b5 = (tmp >> 34) | (tmp << (64 - 34));
2182 b4 -= b5 + k3;
2183 b5 -= k4 + t2;
2184
2185 tmp = b3 ^ b2;
2186 b3 = (tmp >> 30) | (tmp << (64 - 30));
2187 b2 -= b3 + k1;
2188 b3 -= k2;
2189
2190 tmp = b1 ^ b0;
2191 b1 = (tmp >> 39) | (tmp << (64 - 39));
2192 b0 -= b1 + k8;
2193 b1 -= k0;
2194
2195 tmp = b3 ^ b4;
2196 b3 = (tmp >> 56) | (tmp << (64 - 56));
2197 b4 -= b3;
2198
2199 tmp = b5 ^ b2;
2200 b5 = (tmp >> 54) | (tmp << (64 - 54));
2201 b2 -= b5;
2202
2203 tmp = b7 ^ b0;
2204 b7 = (tmp >> 9) | (tmp << (64 - 9));
2205 b0 -= b7;
2206
2207 tmp = b1 ^ b6;
2208 b1 = (tmp >> 44) | (tmp << (64 - 44));
2209 b6 -= b1;
2210
2211 tmp = b7 ^ b2;
2212 b7 = (tmp >> 39) | (tmp << (64 - 39));
2213 b2 -= b7;
2214
2215 tmp = b5 ^ b0;
2216 b5 = (tmp >> 36) | (tmp << (64 - 36));
2217 b0 -= b5;
2218
2219 tmp = b3 ^ b6;
2220 b3 = (tmp >> 49) | (tmp << (64 - 49));
2221 b6 -= b3;
2222
2223 tmp = b1 ^ b4;
2224 b1 = (tmp >> 17) | (tmp << (64 - 17));
2225 b4 -= b1;
2226
2227 tmp = b3 ^ b0;
2228 b3 = (tmp >> 42) | (tmp << (64 - 42));
2229 b0 -= b3;
2230
2231 tmp = b5 ^ b6;
2232 b5 = (tmp >> 14) | (tmp << (64 - 14));
2233 b6 -= b5;
2234
2235 tmp = b7 ^ b4;
2236 b7 = (tmp >> 27) | (tmp << (64 - 27));
2237 b4 -= b7;
2238
2239 tmp = b1 ^ b2;
2240 b1 = (tmp >> 33) | (tmp << (64 - 33));
2241 b2 -= b1;
2242
2243 tmp = b7 ^ b6;
2244 b7 = (tmp >> 37) | (tmp << (64 - 37));
2245 b6 -= b7 + k4 + t2;
2246 b7 -= k5 + 16;
2247
2248 tmp = b5 ^ b4;
2249 b5 = (tmp >> 19) | (tmp << (64 - 19));
2250 b4 -= b5 + k2;
2251 b5 -= k3 + t1;
2252
2253 tmp = b3 ^ b2;
2254 b3 = (tmp >> 36) | (tmp << (64 - 36));
2255 b2 -= b3 + k0;
2256 b3 -= k1;
2257
2258 tmp = b1 ^ b0;
2259 b1 = (tmp >> 46) | (tmp << (64 - 46));
2260 b0 -= b1 + k7;
2261 b1 -= k8;
2262
2263 tmp = b3 ^ b4;
2264 b3 = (tmp >> 22) | (tmp << (64 - 22));
2265 b4 -= b3;
2266
2267 tmp = b5 ^ b2;
2268 b5 = (tmp >> 56) | (tmp << (64 - 56));
2269 b2 -= b5;
2270
2271 tmp = b7 ^ b0;
2272 b7 = (tmp >> 35) | (tmp << (64 - 35));
2273 b0 -= b7;
2274
2275 tmp = b1 ^ b6;
2276 b1 = (tmp >> 8) | (tmp << (64 - 8));
2277 b6 -= b1;
2278
2279 tmp = b7 ^ b2;
2280 b7 = (tmp >> 43) | (tmp << (64 - 43));
2281 b2 -= b7;
2282
2283 tmp = b5 ^ b0;
2284 b5 = (tmp >> 39) | (tmp << (64 - 39));
2285 b0 -= b5;
2286
2287 tmp = b3 ^ b6;
2288 b3 = (tmp >> 29) | (tmp << (64 - 29));
2289 b6 -= b3;
2290
2291 tmp = b1 ^ b4;
2292 b1 = (tmp >> 25) | (tmp << (64 - 25));
2293 b4 -= b1;
2294
2295 tmp = b3 ^ b0;
2296 b3 = (tmp >> 17) | (tmp << (64 - 17));
2297 b0 -= b3;
2298
2299 tmp = b5 ^ b6;
2300 b5 = (tmp >> 10) | (tmp << (64 - 10));
2301 b6 -= b5;
2302
2303 tmp = b7 ^ b4;
2304 b7 = (tmp >> 50) | (tmp << (64 - 50));
2305 b4 -= b7;
2306
2307 tmp = b1 ^ b2;
2308 b1 = (tmp >> 13) | (tmp << (64 - 13));
2309 b2 -= b1;
2310
2311 tmp = b7 ^ b6;
2312 b7 = (tmp >> 24) | (tmp << (64 - 24));
2313 b6 -= b7 + k3 + t1;
2314 b7 -= k4 + 15;
2315
2316 tmp = b5 ^ b4;
2317 b5 = (tmp >> 34) | (tmp << (64 - 34));
2318 b4 -= b5 + k1;
2319 b5 -= k2 + t0;
2320
2321 tmp = b3 ^ b2;
2322 b3 = (tmp >> 30) | (tmp << (64 - 30));
2323 b2 -= b3 + k8;
2324 b3 -= k0;
2325
2326 tmp = b1 ^ b0;
2327 b1 = (tmp >> 39) | (tmp << (64 - 39));
2328 b0 -= b1 + k6;
2329 b1 -= k7;
2330
2331 tmp = b3 ^ b4;
2332 b3 = (tmp >> 56) | (tmp << (64 - 56));
2333 b4 -= b3;
2334
2335 tmp = b5 ^ b2;
2336 b5 = (tmp >> 54) | (tmp << (64 - 54));
2337 b2 -= b5;
2338
2339 tmp = b7 ^ b0;
2340 b7 = (tmp >> 9) | (tmp << (64 - 9));
2341 b0 -= b7;
2342
2343 tmp = b1 ^ b6;
2344 b1 = (tmp >> 44) | (tmp << (64 - 44));
2345 b6 -= b1;
2346
2347 tmp = b7 ^ b2;
2348 b7 = (tmp >> 39) | (tmp << (64 - 39));
2349 b2 -= b7;
2350
2351 tmp = b5 ^ b0;
2352 b5 = (tmp >> 36) | (tmp << (64 - 36));
2353 b0 -= b5;
2354
2355 tmp = b3 ^ b6;
2356 b3 = (tmp >> 49) | (tmp << (64 - 49));
2357 b6 -= b3;
2358
2359 tmp = b1 ^ b4;
2360 b1 = (tmp >> 17) | (tmp << (64 - 17));
2361 b4 -= b1;
2362
2363 tmp = b3 ^ b0;
2364 b3 = (tmp >> 42) | (tmp << (64 - 42));
2365 b0 -= b3;
2366
2367 tmp = b5 ^ b6;
2368 b5 = (tmp >> 14) | (tmp << (64 - 14));
2369 b6 -= b5;
2370
2371 tmp = b7 ^ b4;
2372 b7 = (tmp >> 27) | (tmp << (64 - 27));
2373 b4 -= b7;
2374
2375 tmp = b1 ^ b2;
2376 b1 = (tmp >> 33) | (tmp << (64 - 33));
2377 b2 -= b1;
2378
2379 tmp = b7 ^ b6;
2380 b7 = (tmp >> 37) | (tmp << (64 - 37));
2381 b6 -= b7 + k2 + t0;
2382 b7 -= k3 + 14;
2383
2384 tmp = b5 ^ b4;
2385 b5 = (tmp >> 19) | (tmp << (64 - 19));
2386 b4 -= b5 + k0;
2387 b5 -= k1 + t2;
2388
2389 tmp = b3 ^ b2;
2390 b3 = (tmp >> 36) | (tmp << (64 - 36));
2391 b2 -= b3 + k7;
2392 b3 -= k8;
2393
2394 tmp = b1 ^ b0;
2395 b1 = (tmp >> 46) | (tmp << (64 - 46));
2396 b0 -= b1 + k5;
2397 b1 -= k6;
2398
2399 tmp = b3 ^ b4;
2400 b3 = (tmp >> 22) | (tmp << (64 - 22));
2401 b4 -= b3;
2402
2403 tmp = b5 ^ b2;
2404 b5 = (tmp >> 56) | (tmp << (64 - 56));
2405 b2 -= b5;
2406
2407 tmp = b7 ^ b0;
2408 b7 = (tmp >> 35) | (tmp << (64 - 35));
2409 b0 -= b7;
2410
2411 tmp = b1 ^ b6;
2412 b1 = (tmp >> 8) | (tmp << (64 - 8));
2413 b6 -= b1;
2414
2415 tmp = b7 ^ b2;
2416 b7 = (tmp >> 43) | (tmp << (64 - 43));
2417 b2 -= b7;
2418
2419 tmp = b5 ^ b0;
2420 b5 = (tmp >> 39) | (tmp << (64 - 39));
2421 b0 -= b5;
2422
2423 tmp = b3 ^ b6;
2424 b3 = (tmp >> 29) | (tmp << (64 - 29));
2425 b6 -= b3;
2426
2427 tmp = b1 ^ b4;
2428 b1 = (tmp >> 25) | (tmp << (64 - 25));
2429 b4 -= b1;
2430
2431 tmp = b3 ^ b0;
2432 b3 = (tmp >> 17) | (tmp << (64 - 17));
2433 b0 -= b3;
2434
2435 tmp = b5 ^ b6;
2436 b5 = (tmp >> 10) | (tmp << (64 - 10));
2437 b6 -= b5;
2438
2439 tmp = b7 ^ b4;
2440 b7 = (tmp >> 50) | (tmp << (64 - 50));
2441 b4 -= b7;
2442
2443 tmp = b1 ^ b2;
2444 b1 = (tmp >> 13) | (tmp << (64 - 13));
2445 b2 -= b1;
2446
2447 tmp = b7 ^ b6;
2448 b7 = (tmp >> 24) | (tmp << (64 - 24));
2449 b6 -= b7 + k1 + t2;
2450 b7 -= k2 + 13;
2451
2452 tmp = b5 ^ b4;
2453 b5 = (tmp >> 34) | (tmp << (64 - 34));
2454 b4 -= b5 + k8;
2455 b5 -= k0 + t1;
2456
2457 tmp = b3 ^ b2;
2458 b3 = (tmp >> 30) | (tmp << (64 - 30));
2459 b2 -= b3 + k6;
2460 b3 -= k7;
2461
2462 tmp = b1 ^ b0;
2463 b1 = (tmp >> 39) | (tmp << (64 - 39));
2464 b0 -= b1 + k4;
2465 b1 -= k5;
2466
2467 tmp = b3 ^ b4;
2468 b3 = (tmp >> 56) | (tmp << (64 - 56));
2469 b4 -= b3;
2470
2471 tmp = b5 ^ b2;
2472 b5 = (tmp >> 54) | (tmp << (64 - 54));
2473 b2 -= b5;
2474
2475 tmp = b7 ^ b0;
2476 b7 = (tmp >> 9) | (tmp << (64 - 9));
2477 b0 -= b7;
2478
2479 tmp = b1 ^ b6;
2480 b1 = (tmp >> 44) | (tmp << (64 - 44));
2481 b6 -= b1;
2482
2483 tmp = b7 ^ b2;
2484 b7 = (tmp >> 39) | (tmp << (64 - 39));
2485 b2 -= b7;
2486
2487 tmp = b5 ^ b0;
2488 b5 = (tmp >> 36) | (tmp << (64 - 36));
2489 b0 -= b5;
2490
2491 tmp = b3 ^ b6;
2492 b3 = (tmp >> 49) | (tmp << (64 - 49));
2493 b6 -= b3;
2494
2495 tmp = b1 ^ b4;
2496 b1 = (tmp >> 17) | (tmp << (64 - 17));
2497 b4 -= b1;
2498
2499 tmp = b3 ^ b0;
2500 b3 = (tmp >> 42) | (tmp << (64 - 42));
2501 b0 -= b3;
2502
2503 tmp = b5 ^ b6;
2504 b5 = (tmp >> 14) | (tmp << (64 - 14));
2505 b6 -= b5;
2506
2507 tmp = b7 ^ b4;
2508 b7 = (tmp >> 27) | (tmp << (64 - 27));
2509 b4 -= b7;
2510
2511 tmp = b1 ^ b2;
2512 b1 = (tmp >> 33) | (tmp << (64 - 33));
2513 b2 -= b1;
2514
2515 tmp = b7 ^ b6;
2516 b7 = (tmp >> 37) | (tmp << (64 - 37));
2517 b6 -= b7 + k0 + t1;
2518 b7 -= k1 + 12;
2519
2520 tmp = b5 ^ b4;
2521 b5 = (tmp >> 19) | (tmp << (64 - 19));
2522 b4 -= b5 + k7;
2523 b5 -= k8 + t0;
2524
2525 tmp = b3 ^ b2;
2526 b3 = (tmp >> 36) | (tmp << (64 - 36));
2527 b2 -= b3 + k5;
2528 b3 -= k6;
2529
2530 tmp = b1 ^ b0;
2531 b1 = (tmp >> 46) | (tmp << (64 - 46));
2532 b0 -= b1 + k3;
2533 b1 -= k4;
2534
2535 tmp = b3 ^ b4;
2536 b3 = (tmp >> 22) | (tmp << (64 - 22));
2537 b4 -= b3;
2538
2539 tmp = b5 ^ b2;
2540 b5 = (tmp >> 56) | (tmp << (64 - 56));
2541 b2 -= b5;
2542
2543 tmp = b7 ^ b0;
2544 b7 = (tmp >> 35) | (tmp << (64 - 35));
2545 b0 -= b7;
2546
2547 tmp = b1 ^ b6;
2548 b1 = (tmp >> 8) | (tmp << (64 - 8));
2549 b6 -= b1;
2550
2551 tmp = b7 ^ b2;
2552 b7 = (tmp >> 43) | (tmp << (64 - 43));
2553 b2 -= b7;
2554
2555 tmp = b5 ^ b0;
2556 b5 = (tmp >> 39) | (tmp << (64 - 39));
2557 b0 -= b5;
2558
2559 tmp = b3 ^ b6;
2560 b3 = (tmp >> 29) | (tmp << (64 - 29));
2561 b6 -= b3;
2562
2563 tmp = b1 ^ b4;
2564 b1 = (tmp >> 25) | (tmp << (64 - 25));
2565 b4 -= b1;
2566
2567 tmp = b3 ^ b0;
2568 b3 = (tmp >> 17) | (tmp << (64 - 17));
2569 b0 -= b3;
2570
2571 tmp = b5 ^ b6;
2572 b5 = (tmp >> 10) | (tmp << (64 - 10));
2573 b6 -= b5;
2574
2575 tmp = b7 ^ b4;
2576 b7 = (tmp >> 50) | (tmp << (64 - 50));
2577 b4 -= b7;
2578
2579 tmp = b1 ^ b2;
2580 b1 = (tmp >> 13) | (tmp << (64 - 13));
2581 b2 -= b1;
2582
2583 tmp = b7 ^ b6;
2584 b7 = (tmp >> 24) | (tmp << (64 - 24));
2585 b6 -= b7 + k8 + t0;
2586 b7 -= k0 + 11;
2587
2588 tmp = b5 ^ b4;
2589 b5 = (tmp >> 34) | (tmp << (64 - 34));
2590 b4 -= b5 + k6;
2591 b5 -= k7 + t2;
2592
2593 tmp = b3 ^ b2;
2594 b3 = (tmp >> 30) | (tmp << (64 - 30));
2595 b2 -= b3 + k4;
2596 b3 -= k5;
2597
2598 tmp = b1 ^ b0;
2599 b1 = (tmp >> 39) | (tmp << (64 - 39));
2600 b0 -= b1 + k2;
2601 b1 -= k3;
2602
2603 tmp = b3 ^ b4;
2604 b3 = (tmp >> 56) | (tmp << (64 - 56));
2605 b4 -= b3;
2606
2607 tmp = b5 ^ b2;
2608 b5 = (tmp >> 54) | (tmp << (64 - 54));
2609 b2 -= b5;
2610
2611 tmp = b7 ^ b0;
2612 b7 = (tmp >> 9) | (tmp << (64 - 9));
2613 b0 -= b7;
2614
2615 tmp = b1 ^ b6;
2616 b1 = (tmp >> 44) | (tmp << (64 - 44));
2617 b6 -= b1;
2618
2619 tmp = b7 ^ b2;
2620 b7 = (tmp >> 39) | (tmp << (64 - 39));
2621 b2 -= b7;
2622
2623 tmp = b5 ^ b0;
2624 b5 = (tmp >> 36) | (tmp << (64 - 36));
2625 b0 -= b5;
2626
2627 tmp = b3 ^ b6;
2628 b3 = (tmp >> 49) | (tmp << (64 - 49));
2629 b6 -= b3;
2630
2631 tmp = b1 ^ b4;
2632 b1 = (tmp >> 17) | (tmp << (64 - 17));
2633 b4 -= b1;
2634
2635 tmp = b3 ^ b0;
2636 b3 = (tmp >> 42) | (tmp << (64 - 42));
2637 b0 -= b3;
2638
2639 tmp = b5 ^ b6;
2640 b5 = (tmp >> 14) | (tmp << (64 - 14));
2641 b6 -= b5;
2642
2643 tmp = b7 ^ b4;
2644 b7 = (tmp >> 27) | (tmp << (64 - 27));
2645 b4 -= b7;
2646
2647 tmp = b1 ^ b2;
2648 b1 = (tmp >> 33) | (tmp << (64 - 33));
2649 b2 -= b1;
2650
2651 tmp = b7 ^ b6;
2652 b7 = (tmp >> 37) | (tmp << (64 - 37));
2653 b6 -= b7 + k7 + t2;
2654 b7 -= k8 + 10;
2655
2656 tmp = b5 ^ b4;
2657 b5 = (tmp >> 19) | (tmp << (64 - 19));
2658 b4 -= b5 + k5;
2659 b5 -= k6 + t1;
2660
2661 tmp = b3 ^ b2;
2662 b3 = (tmp >> 36) | (tmp << (64 - 36));
2663 b2 -= b3 + k3;
2664 b3 -= k4;
2665
2666 tmp = b1 ^ b0;
2667 b1 = (tmp >> 46) | (tmp << (64 - 46));
2668 b0 -= b1 + k1;
2669 b1 -= k2;
2670
2671 tmp = b3 ^ b4;
2672 b3 = (tmp >> 22) | (tmp << (64 - 22));
2673 b4 -= b3;
2674
2675 tmp = b5 ^ b2;
2676 b5 = (tmp >> 56) | (tmp << (64 - 56));
2677 b2 -= b5;
2678
2679 tmp = b7 ^ b0;
2680 b7 = (tmp >> 35) | (tmp << (64 - 35));
2681 b0 -= b7;
2682
2683 tmp = b1 ^ b6;
2684 b1 = (tmp >> 8) | (tmp << (64 - 8));
2685 b6 -= b1;
2686
2687 tmp = b7 ^ b2;
2688 b7 = (tmp >> 43) | (tmp << (64 - 43));
2689 b2 -= b7;
2690
2691 tmp = b5 ^ b0;
2692 b5 = (tmp >> 39) | (tmp << (64 - 39));
2693 b0 -= b5;
2694
2695 tmp = b3 ^ b6;
2696 b3 = (tmp >> 29) | (tmp << (64 - 29));
2697 b6 -= b3;
2698
2699 tmp = b1 ^ b4;
2700 b1 = (tmp >> 25) | (tmp << (64 - 25));
2701 b4 -= b1;
2702
2703 tmp = b3 ^ b0;
2704 b3 = (tmp >> 17) | (tmp << (64 - 17));
2705 b0 -= b3;
2706
2707 tmp = b5 ^ b6;
2708 b5 = (tmp >> 10) | (tmp << (64 - 10));
2709 b6 -= b5;
2710
2711 tmp = b7 ^ b4;
2712 b7 = (tmp >> 50) | (tmp << (64 - 50));
2713 b4 -= b7;
2714
2715 tmp = b1 ^ b2;
2716 b1 = (tmp >> 13) | (tmp << (64 - 13));
2717 b2 -= b1;
2718
2719 tmp = b7 ^ b6;
2720 b7 = (tmp >> 24) | (tmp << (64 - 24));
2721 b6 -= b7 + k6 + t1;
2722 b7 -= k7 + 9;
2723
2724 tmp = b5 ^ b4;
2725 b5 = (tmp >> 34) | (tmp << (64 - 34));
2726 b4 -= b5 + k4;
2727 b5 -= k5 + t0;
2728
2729 tmp = b3 ^ b2;
2730 b3 = (tmp >> 30) | (tmp << (64 - 30));
2731 b2 -= b3 + k2;
2732 b3 -= k3;
2733
2734 tmp = b1 ^ b0;
2735 b1 = (tmp >> 39) | (tmp << (64 - 39));
2736 b0 -= b1 + k0;
2737 b1 -= k1;
2738
2739 tmp = b3 ^ b4;
2740 b3 = (tmp >> 56) | (tmp << (64 - 56));
2741 b4 -= b3;
2742
2743 tmp = b5 ^ b2;
2744 b5 = (tmp >> 54) | (tmp << (64 - 54));
2745 b2 -= b5;
2746
2747 tmp = b7 ^ b0;
2748 b7 = (tmp >> 9) | (tmp << (64 - 9));
2749 b0 -= b7;
2750
2751 tmp = b1 ^ b6;
2752 b1 = (tmp >> 44) | (tmp << (64 - 44));
2753 b6 -= b1;
2754
2755 tmp = b7 ^ b2;
2756 b7 = (tmp >> 39) | (tmp << (64 - 39));
2757 b2 -= b7;
2758
2759 tmp = b5 ^ b0;
2760 b5 = (tmp >> 36) | (tmp << (64 - 36));
2761 b0 -= b5;
2762
2763 tmp = b3 ^ b6;
2764 b3 = (tmp >> 49) | (tmp << (64 - 49));
2765 b6 -= b3;
2766
2767 tmp = b1 ^ b4;
2768 b1 = (tmp >> 17) | (tmp << (64 - 17));
2769 b4 -= b1;
2770
2771 tmp = b3 ^ b0;
2772 b3 = (tmp >> 42) | (tmp << (64 - 42));
2773 b0 -= b3;
2774
2775 tmp = b5 ^ b6;
2776 b5 = (tmp >> 14) | (tmp << (64 - 14));
2777 b6 -= b5;
2778
2779 tmp = b7 ^ b4;
2780 b7 = (tmp >> 27) | (tmp << (64 - 27));
2781 b4 -= b7;
2782
2783 tmp = b1 ^ b2;
2784 b1 = (tmp >> 33) | (tmp << (64 - 33));
2785 b2 -= b1;
2786
2787 tmp = b7 ^ b6;
2788 b7 = (tmp >> 37) | (tmp << (64 - 37));
2789 b6 -= b7 + k5 + t0;
2790 b7 -= k6 + 8;
2791
2792 tmp = b5 ^ b4;
2793 b5 = (tmp >> 19) | (tmp << (64 - 19));
2794 b4 -= b5 + k3;
2795 b5 -= k4 + t2;
2796
2797 tmp = b3 ^ b2;
2798 b3 = (tmp >> 36) | (tmp << (64 - 36));
2799 b2 -= b3 + k1;
2800 b3 -= k2;
2801
2802 tmp = b1 ^ b0;
2803 b1 = (tmp >> 46) | (tmp << (64 - 46));
2804 b0 -= b1 + k8;
2805 b1 -= k0;
2806
2807 tmp = b3 ^ b4;
2808 b3 = (tmp >> 22) | (tmp << (64 - 22));
2809 b4 -= b3;
2810
2811 tmp = b5 ^ b2;
2812 b5 = (tmp >> 56) | (tmp << (64 - 56));
2813 b2 -= b5;
2814
2815 tmp = b7 ^ b0;
2816 b7 = (tmp >> 35) | (tmp << (64 - 35));
2817 b0 -= b7;
2818
2819 tmp = b1 ^ b6;
2820 b1 = (tmp >> 8) | (tmp << (64 - 8));
2821 b6 -= b1;
2822
2823 tmp = b7 ^ b2;
2824 b7 = (tmp >> 43) | (tmp << (64 - 43));
2825 b2 -= b7;
2826
2827 tmp = b5 ^ b0;
2828 b5 = (tmp >> 39) | (tmp << (64 - 39));
2829 b0 -= b5;
2830
2831 tmp = b3 ^ b6;
2832 b3 = (tmp >> 29) | (tmp << (64 - 29));
2833 b6 -= b3;
2834
2835 tmp = b1 ^ b4;
2836 b1 = (tmp >> 25) | (tmp << (64 - 25));
2837 b4 -= b1;
2838
2839 tmp = b3 ^ b0;
2840 b3 = (tmp >> 17) | (tmp << (64 - 17));
2841 b0 -= b3;
2842
2843 tmp = b5 ^ b6;
2844 b5 = (tmp >> 10) | (tmp << (64 - 10));
2845 b6 -= b5;
2846
2847 tmp = b7 ^ b4;
2848 b7 = (tmp >> 50) | (tmp << (64 - 50));
2849 b4 -= b7;
2850
2851 tmp = b1 ^ b2;
2852 b1 = (tmp >> 13) | (tmp << (64 - 13));
2853 b2 -= b1;
2854
2855 tmp = b7 ^ b6;
2856 b7 = (tmp >> 24) | (tmp << (64 - 24));
2857 b6 -= b7 + k4 + t2;
2858 b7 -= k5 + 7;
2859
2860 tmp = b5 ^ b4;
2861 b5 = (tmp >> 34) | (tmp << (64 - 34));
2862 b4 -= b5 + k2;
2863 b5 -= k3 + t1;
2864
2865 tmp = b3 ^ b2;
2866 b3 = (tmp >> 30) | (tmp << (64 - 30));
2867 b2 -= b3 + k0;
2868 b3 -= k1;
2869
2870 tmp = b1 ^ b0;
2871 b1 = (tmp >> 39) | (tmp << (64 - 39));
2872 b0 -= b1 + k7;
2873 b1 -= k8;
2874
2875 tmp = b3 ^ b4;
2876 b3 = (tmp >> 56) | (tmp << (64 - 56));
2877 b4 -= b3;
2878
2879 tmp = b5 ^ b2;
2880 b5 = (tmp >> 54) | (tmp << (64 - 54));
2881 b2 -= b5;
2882
2883 tmp = b7 ^ b0;
2884 b7 = (tmp >> 9) | (tmp << (64 - 9));
2885 b0 -= b7;
2886
2887 tmp = b1 ^ b6;
2888 b1 = (tmp >> 44) | (tmp << (64 - 44));
2889 b6 -= b1;
2890
2891 tmp = b7 ^ b2;
2892 b7 = (tmp >> 39) | (tmp << (64 - 39));
2893 b2 -= b7;
2894
2895 tmp = b5 ^ b0;
2896 b5 = (tmp >> 36) | (tmp << (64 - 36));
2897 b0 -= b5;
2898
2899 tmp = b3 ^ b6;
2900 b3 = (tmp >> 49) | (tmp << (64 - 49));
2901 b6 -= b3;
2902
2903 tmp = b1 ^ b4;
2904 b1 = (tmp >> 17) | (tmp << (64 - 17));
2905 b4 -= b1;
2906
2907 tmp = b3 ^ b0;
2908 b3 = (tmp >> 42) | (tmp << (64 - 42));
2909 b0 -= b3;
2910
2911 tmp = b5 ^ b6;
2912 b5 = (tmp >> 14) | (tmp << (64 - 14));
2913 b6 -= b5;
2914
2915 tmp = b7 ^ b4;
2916 b7 = (tmp >> 27) | (tmp << (64 - 27));
2917 b4 -= b7;
2918
2919 tmp = b1 ^ b2;
2920 b1 = (tmp >> 33) | (tmp << (64 - 33));
2921 b2 -= b1;
2922
2923 tmp = b7 ^ b6;
2924 b7 = (tmp >> 37) | (tmp << (64 - 37));
2925 b6 -= b7 + k3 + t1;
2926 b7 -= k4 + 6;
2927
2928 tmp = b5 ^ b4;
2929 b5 = (tmp >> 19) | (tmp << (64 - 19));
2930 b4 -= b5 + k1;
2931 b5 -= k2 + t0;
2932
2933 tmp = b3 ^ b2;
2934 b3 = (tmp >> 36) | (tmp << (64 - 36));
2935 b2 -= b3 + k8;
2936 b3 -= k0;
2937
2938 tmp = b1 ^ b0;
2939 b1 = (tmp >> 46) | (tmp << (64 - 46));
2940 b0 -= b1 + k6;
2941 b1 -= k7;
2942
2943 tmp = b3 ^ b4;
2944 b3 = (tmp >> 22) | (tmp << (64 - 22));
2945 b4 -= b3;
2946
2947 tmp = b5 ^ b2;
2948 b5 = (tmp >> 56) | (tmp << (64 - 56));
2949 b2 -= b5;
2950
2951 tmp = b7 ^ b0;
2952 b7 = (tmp >> 35) | (tmp << (64 - 35));
2953 b0 -= b7;
2954
2955 tmp = b1 ^ b6;
2956 b1 = (tmp >> 8) | (tmp << (64 - 8));
2957 b6 -= b1;
2958
2959 tmp = b7 ^ b2;
2960 b7 = (tmp >> 43) | (tmp << (64 - 43));
2961 b2 -= b7;
2962
2963 tmp = b5 ^ b0;
2964 b5 = (tmp >> 39) | (tmp << (64 - 39));
2965 b0 -= b5;
2966
2967 tmp = b3 ^ b6;
2968 b3 = (tmp >> 29) | (tmp << (64 - 29));
2969 b6 -= b3;
2970
2971 tmp = b1 ^ b4;
2972 b1 = (tmp >> 25) | (tmp << (64 - 25));
2973 b4 -= b1;
2974
2975 tmp = b3 ^ b0;
2976 b3 = (tmp >> 17) | (tmp << (64 - 17));
2977 b0 -= b3;
2978
2979 tmp = b5 ^ b6;
2980 b5 = (tmp >> 10) | (tmp << (64 - 10));
2981 b6 -= b5;
2982
2983 tmp = b7 ^ b4;
2984 b7 = (tmp >> 50) | (tmp << (64 - 50));
2985 b4 -= b7;
2986
2987 tmp = b1 ^ b2;
2988 b1 = (tmp >> 13) | (tmp << (64 - 13));
2989 b2 -= b1;
2990
2991 tmp = b7 ^ b6;
2992 b7 = (tmp >> 24) | (tmp << (64 - 24));
2993 b6 -= b7 + k2 + t0;
2994 b7 -= k3 + 5;
2995
2996 tmp = b5 ^ b4;
2997 b5 = (tmp >> 34) | (tmp << (64 - 34));
2998 b4 -= b5 + k0;
2999 b5 -= k1 + t2;
3000
3001 tmp = b3 ^ b2;
3002 b3 = (tmp >> 30) | (tmp << (64 - 30));
3003 b2 -= b3 + k7;
3004 b3 -= k8;
3005
3006 tmp = b1 ^ b0;
3007 b1 = (tmp >> 39) | (tmp << (64 - 39));
3008 b0 -= b1 + k5;
3009 b1 -= k6;
3010
3011 tmp = b3 ^ b4;
3012 b3 = (tmp >> 56) | (tmp << (64 - 56));
3013 b4 -= b3;
3014
3015 tmp = b5 ^ b2;
3016 b5 = (tmp >> 54) | (tmp << (64 - 54));
3017 b2 -= b5;
3018
3019 tmp = b7 ^ b0;
3020 b7 = (tmp >> 9) | (tmp << (64 - 9));
3021 b0 -= b7;
3022
3023 tmp = b1 ^ b6;
3024 b1 = (tmp >> 44) | (tmp << (64 - 44));
3025 b6 -= b1;
3026
3027 tmp = b7 ^ b2;
3028 b7 = (tmp >> 39) | (tmp << (64 - 39));
3029 b2 -= b7;
3030
3031 tmp = b5 ^ b0;
3032 b5 = (tmp >> 36) | (tmp << (64 - 36));
3033 b0 -= b5;
3034
3035 tmp = b3 ^ b6;
3036 b3 = (tmp >> 49) | (tmp << (64 - 49));
3037 b6 -= b3;
3038
3039 tmp = b1 ^ b4;
3040 b1 = (tmp >> 17) | (tmp << (64 - 17));
3041 b4 -= b1;
3042
3043 tmp = b3 ^ b0;
3044 b3 = (tmp >> 42) | (tmp << (64 - 42));
3045 b0 -= b3;
3046
3047 tmp = b5 ^ b6;
3048 b5 = (tmp >> 14) | (tmp << (64 - 14));
3049 b6 -= b5;
3050
3051 tmp = b7 ^ b4;
3052 b7 = (tmp >> 27) | (tmp << (64 - 27));
3053 b4 -= b7;
3054
3055 tmp = b1 ^ b2;
3056 b1 = (tmp >> 33) | (tmp << (64 - 33));
3057 b2 -= b1;
3058
3059 tmp = b7 ^ b6;
3060 b7 = (tmp >> 37) | (tmp << (64 - 37));
3061 b6 -= b7 + k1 + t2;
3062 b7 -= k2 + 4;
3063
3064 tmp = b5 ^ b4;
3065 b5 = (tmp >> 19) | (tmp << (64 - 19));
3066 b4 -= b5 + k8;
3067 b5 -= k0 + t1;
3068
3069 tmp = b3 ^ b2;
3070 b3 = (tmp >> 36) | (tmp << (64 - 36));
3071 b2 -= b3 + k6;
3072 b3 -= k7;
3073
3074 tmp = b1 ^ b0;
3075 b1 = (tmp >> 46) | (tmp << (64 - 46));
3076 b0 -= b1 + k4;
3077 b1 -= k5;
3078
3079 tmp = b3 ^ b4;
3080 b3 = (tmp >> 22) | (tmp << (64 - 22));
3081 b4 -= b3;
3082
3083 tmp = b5 ^ b2;
3084 b5 = (tmp >> 56) | (tmp << (64 - 56));
3085 b2 -= b5;
3086
3087 tmp = b7 ^ b0;
3088 b7 = (tmp >> 35) | (tmp << (64 - 35));
3089 b0 -= b7;
3090
3091 tmp = b1 ^ b6;
3092 b1 = (tmp >> 8) | (tmp << (64 - 8));
3093 b6 -= b1;
3094
3095 tmp = b7 ^ b2;
3096 b7 = (tmp >> 43) | (tmp << (64 - 43));
3097 b2 -= b7;
3098
3099 tmp = b5 ^ b0;
3100 b5 = (tmp >> 39) | (tmp << (64 - 39));
3101 b0 -= b5;
3102
3103 tmp = b3 ^ b6;
3104 b3 = (tmp >> 29) | (tmp << (64 - 29));
3105 b6 -= b3;
3106
3107 tmp = b1 ^ b4;
3108 b1 = (tmp >> 25) | (tmp << (64 - 25));
3109 b4 -= b1;
3110
3111 tmp = b3 ^ b0;
3112 b3 = (tmp >> 17) | (tmp << (64 - 17));
3113 b0 -= b3;
3114
3115 tmp = b5 ^ b6;
3116 b5 = (tmp >> 10) | (tmp << (64 - 10));
3117 b6 -= b5;
3118
3119 tmp = b7 ^ b4;
3120 b7 = (tmp >> 50) | (tmp << (64 - 50));
3121 b4 -= b7;
3122
3123 tmp = b1 ^ b2;
3124 b1 = (tmp >> 13) | (tmp << (64 - 13));
3125 b2 -= b1;
3126
3127 tmp = b7 ^ b6;
3128 b7 = (tmp >> 24) | (tmp << (64 - 24));
3129 b6 -= b7 + k0 + t1;
3130 b7 -= k1 + 3;
3131
3132 tmp = b5 ^ b4;
3133 b5 = (tmp >> 34) | (tmp << (64 - 34));
3134 b4 -= b5 + k7;
3135 b5 -= k8 + t0;
3136
3137 tmp = b3 ^ b2;
3138 b3 = (tmp >> 30) | (tmp << (64 - 30));
3139 b2 -= b3 + k5;
3140 b3 -= k6;
3141
3142 tmp = b1 ^ b0;
3143 b1 = (tmp >> 39) | (tmp << (64 - 39));
3144 b0 -= b1 + k3;
3145 b1 -= k4;
3146
3147 tmp = b3 ^ b4;
3148 b3 = (tmp >> 56) | (tmp << (64 - 56));
3149 b4 -= b3;
3150
3151 tmp = b5 ^ b2;
3152 b5 = (tmp >> 54) | (tmp << (64 - 54));
3153 b2 -= b5;
3154
3155 tmp = b7 ^ b0;
3156 b7 = (tmp >> 9) | (tmp << (64 - 9));
3157 b0 -= b7;
3158
3159 tmp = b1 ^ b6;
3160 b1 = (tmp >> 44) | (tmp << (64 - 44));
3161 b6 -= b1;
3162
3163 tmp = b7 ^ b2;
3164 b7 = (tmp >> 39) | (tmp << (64 - 39));
3165 b2 -= b7;
3166
3167 tmp = b5 ^ b0;
3168 b5 = (tmp >> 36) | (tmp << (64 - 36));
3169 b0 -= b5;
3170
3171 tmp = b3 ^ b6;
3172 b3 = (tmp >> 49) | (tmp << (64 - 49));
3173 b6 -= b3;
3174
3175 tmp = b1 ^ b4;
3176 b1 = (tmp >> 17) | (tmp << (64 - 17));
3177 b4 -= b1;
3178
3179 tmp = b3 ^ b0;
3180 b3 = (tmp >> 42) | (tmp << (64 - 42));
3181 b0 -= b3;
3182
3183 tmp = b5 ^ b6;
3184 b5 = (tmp >> 14) | (tmp << (64 - 14));
3185 b6 -= b5;
3186
3187 tmp = b7 ^ b4;
3188 b7 = (tmp >> 27) | (tmp << (64 - 27));
3189 b4 -= b7;
3190
3191 tmp = b1 ^ b2;
3192 b1 = (tmp >> 33) | (tmp << (64 - 33));
3193 b2 -= b1;
3194
3195 tmp = b7 ^ b6;
3196 b7 = (tmp >> 37) | (tmp << (64 - 37));
3197 b6 -= b7 + k8 + t0;
3198 b7 -= k0 + 2;
3199
3200 tmp = b5 ^ b4;
3201 b5 = (tmp >> 19) | (tmp << (64 - 19));
3202 b4 -= b5 + k6;
3203 b5 -= k7 + t2;
3204
3205 tmp = b3 ^ b2;
3206 b3 = (tmp >> 36) | (tmp << (64 - 36));
3207 b2 -= b3 + k4;
3208 b3 -= k5;
3209
3210 tmp = b1 ^ b0;
3211 b1 = (tmp >> 46) | (tmp << (64 - 46));
3212 b0 -= b1 + k2;
3213 b1 -= k3;
3214
3215 tmp = b3 ^ b4;
3216 b3 = (tmp >> 22) | (tmp << (64 - 22));
3217 b4 -= b3;
3218
3219 tmp = b5 ^ b2;
3220 b5 = (tmp >> 56) | (tmp << (64 - 56));
3221 b2 -= b5;
3222
3223 tmp = b7 ^ b0;
3224 b7 = (tmp >> 35) | (tmp << (64 - 35));
3225 b0 -= b7;
3226
3227 tmp = b1 ^ b6;
3228 b1 = (tmp >> 8) | (tmp << (64 - 8));
3229 b6 -= b1;
3230
3231 tmp = b7 ^ b2;
3232 b7 = (tmp >> 43) | (tmp << (64 - 43));
3233 b2 -= b7;
3234
3235 tmp = b5 ^ b0;
3236 b5 = (tmp >> 39) | (tmp << (64 - 39));
3237 b0 -= b5;
3238
3239 tmp = b3 ^ b6;
3240 b3 = (tmp >> 29) | (tmp << (64 - 29));
3241 b6 -= b3;
3242
3243 tmp = b1 ^ b4;
3244 b1 = (tmp >> 25) | (tmp << (64 - 25));
3245 b4 -= b1;
3246
3247 tmp = b3 ^ b0;
3248 b3 = (tmp >> 17) | (tmp << (64 - 17));
3249 b0 -= b3;
3250
3251 tmp = b5 ^ b6;
3252 b5 = (tmp >> 10) | (tmp << (64 - 10));
3253 b6 -= b5;
3254
3255 tmp = b7 ^ b4;
3256 b7 = (tmp >> 50) | (tmp << (64 - 50));
3257 b4 -= b7;
3258
3259 tmp = b1 ^ b2;
3260 b1 = (tmp >> 13) | (tmp << (64 - 13));
3261 b2 -= b1;
3262
3263 tmp = b7 ^ b6;
3264 b7 = (tmp >> 24) | (tmp << (64 - 24));
3265 b6 -= b7 + k7 + t2;
3266 b7 -= k8 + 1;
3267
3268 tmp = b5 ^ b4;
3269 b5 = (tmp >> 34) | (tmp << (64 - 34));
3270 b4 -= b5 + k5;
3271 b5 -= k6 + t1;
3272
3273 tmp = b3 ^ b2;
3274 b3 = (tmp >> 30) | (tmp << (64 - 30));
3275 b2 -= b3 + k3;
3276 b3 -= k4;
3277
3278 tmp = b1 ^ b0;
3279 b1 = (tmp >> 39) | (tmp << (64 - 39));
3280 b0 -= b1 + k1;
3281 b1 -= k2;
3282
3283 tmp = b3 ^ b4;
3284 b3 = (tmp >> 56) | (tmp << (64 - 56));
3285 b4 -= b3;
3286
3287 tmp = b5 ^ b2;
3288 b5 = (tmp >> 54) | (tmp << (64 - 54));
3289 b2 -= b5;
3290
3291 tmp = b7 ^ b0;
3292 b7 = (tmp >> 9) | (tmp << (64 - 9));
3293 b0 -= b7;
3294
3295 tmp = b1 ^ b6;
3296 b1 = (tmp >> 44) | (tmp << (64 - 44));
3297 b6 -= b1;
3298
3299 tmp = b7 ^ b2;
3300 b7 = (tmp >> 39) | (tmp << (64 - 39));
3301 b2 -= b7;
3302
3303 tmp = b5 ^ b0;
3304 b5 = (tmp >> 36) | (tmp << (64 - 36));
3305 b0 -= b5;
3306
3307 tmp = b3 ^ b6;
3308 b3 = (tmp >> 49) | (tmp << (64 - 49));
3309 b6 -= b3;
3310
3311 tmp = b1 ^ b4;
3312 b1 = (tmp >> 17) | (tmp << (64 - 17));
3313 b4 -= b1;
3314
3315 tmp = b3 ^ b0;
3316 b3 = (tmp >> 42) | (tmp << (64 - 42));
3317 b0 -= b3;
3318
3319 tmp = b5 ^ b6;
3320 b5 = (tmp >> 14) | (tmp << (64 - 14));
3321 b6 -= b5;
3322
3323 tmp = b7 ^ b4;
3324 b7 = (tmp >> 27) | (tmp << (64 - 27));
3325 b4 -= b7;
3326
3327 tmp = b1 ^ b2;
3328 b1 = (tmp >> 33) | (tmp << (64 - 33));
3329 b2 -= b1;
3330
3331 tmp = b7 ^ b6;
3332 b7 = (tmp >> 37) | (tmp << (64 - 37));
3333 b6 -= b7 + k6 + t1;
3334 b7 -= k7;
3335
3336 tmp = b5 ^ b4;
3337 b5 = (tmp >> 19) | (tmp << (64 - 19));
3338 b4 -= b5 + k4;
3339 b5 -= k5 + t0;
3340
3341 tmp = b3 ^ b2;
3342 b3 = (tmp >> 36) | (tmp << (64 - 36));
3343 b2 -= b3 + k2;
3344 b3 -= k3;
3345
3346 tmp = b1 ^ b0;
3347 b1 = (tmp >> 46) | (tmp << (64 - 46));
3348 b0 -= b1 + k0;
3349 b1 -= k1;
3350
3351 output[0] = b0;
3352 output[1] = b1;
3353 output[2] = b2;
3354 output[3] = b3;
3355
3356 output[7] = b7;
3357 output[6] = b6;
3358 output[5] = b5;
3359 output[4] = b4;
3360 }
3361
3362 void threefish_encrypt_1024(struct threefish_key *key_ctx, u64 *input,
3363 u64 *output)
3364 {
3365 u64 b0 = input[0], b1 = input[1],
3366 b2 = input[2], b3 = input[3],
3367 b4 = input[4], b5 = input[5],
3368 b6 = input[6], b7 = input[7],
3369 b8 = input[8], b9 = input[9],
3370 b10 = input[10], b11 = input[11],
3371 b12 = input[12], b13 = input[13],
3372 b14 = input[14], b15 = input[15];
3373 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
3374 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
3375 k4 = key_ctx->key[4], k5 = key_ctx->key[5],
3376 k6 = key_ctx->key[6], k7 = key_ctx->key[7],
3377 k8 = key_ctx->key[8], k9 = key_ctx->key[9],
3378 k10 = key_ctx->key[10], k11 = key_ctx->key[11],
3379 k12 = key_ctx->key[12], k13 = key_ctx->key[13],
3380 k14 = key_ctx->key[14], k15 = key_ctx->key[15],
3381 k16 = key_ctx->key[16];
3382 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
3383 t2 = key_ctx->tweak[2];
3384
3385 b1 += k1;
3386 b0 += b1 + k0;
3387 b1 = rol64(b1, 24) ^ b0;
3388
3389 b3 += k3;
3390 b2 += b3 + k2;
3391 b3 = rol64(b3, 13) ^ b2;
3392
3393 b5 += k5;
3394 b4 += b5 + k4;
3395 b5 = rol64(b5, 8) ^ b4;
3396
3397 b7 += k7;
3398 b6 += b7 + k6;
3399 b7 = rol64(b7, 47) ^ b6;
3400
3401 b9 += k9;
3402 b8 += b9 + k8;
3403 b9 = rol64(b9, 8) ^ b8;
3404
3405 b11 += k11;
3406 b10 += b11 + k10;
3407 b11 = rol64(b11, 17) ^ b10;
3408
3409 b13 += k13 + t0;
3410 b12 += b13 + k12;
3411 b13 = rol64(b13, 22) ^ b12;
3412
3413 b15 += k15;
3414 b14 += b15 + k14 + t1;
3415 b15 = rol64(b15, 37) ^ b14;
3416
3417 b0 += b9;
3418 b9 = rol64(b9, 38) ^ b0;
3419
3420 b2 += b13;
3421 b13 = rol64(b13, 19) ^ b2;
3422
3423 b6 += b11;
3424 b11 = rol64(b11, 10) ^ b6;
3425
3426 b4 += b15;
3427 b15 = rol64(b15, 55) ^ b4;
3428
3429 b10 += b7;
3430 b7 = rol64(b7, 49) ^ b10;
3431
3432 b12 += b3;
3433 b3 = rol64(b3, 18) ^ b12;
3434
3435 b14 += b5;
3436 b5 = rol64(b5, 23) ^ b14;
3437
3438 b8 += b1;
3439 b1 = rol64(b1, 52) ^ b8;
3440
3441 b0 += b7;
3442 b7 = rol64(b7, 33) ^ b0;
3443
3444 b2 += b5;
3445 b5 = rol64(b5, 4) ^ b2;
3446
3447 b4 += b3;
3448 b3 = rol64(b3, 51) ^ b4;
3449
3450 b6 += b1;
3451 b1 = rol64(b1, 13) ^ b6;
3452
3453 b12 += b15;
3454 b15 = rol64(b15, 34) ^ b12;
3455
3456 b14 += b13;
3457 b13 = rol64(b13, 41) ^ b14;
3458
3459 b8 += b11;
3460 b11 = rol64(b11, 59) ^ b8;
3461
3462 b10 += b9;
3463 b9 = rol64(b9, 17) ^ b10;
3464
3465 b0 += b15;
3466 b15 = rol64(b15, 5) ^ b0;
3467
3468 b2 += b11;
3469 b11 = rol64(b11, 20) ^ b2;
3470
3471 b6 += b13;
3472 b13 = rol64(b13, 48) ^ b6;
3473
3474 b4 += b9;
3475 b9 = rol64(b9, 41) ^ b4;
3476
3477 b14 += b1;
3478 b1 = rol64(b1, 47) ^ b14;
3479
3480 b8 += b5;
3481 b5 = rol64(b5, 28) ^ b8;
3482
3483 b10 += b3;
3484 b3 = rol64(b3, 16) ^ b10;
3485
3486 b12 += b7;
3487 b7 = rol64(b7, 25) ^ b12;
3488
3489 b1 += k2;
3490 b0 += b1 + k1;
3491 b1 = rol64(b1, 41) ^ b0;
3492
3493 b3 += k4;
3494 b2 += b3 + k3;
3495 b3 = rol64(b3, 9) ^ b2;
3496
3497 b5 += k6;
3498 b4 += b5 + k5;
3499 b5 = rol64(b5, 37) ^ b4;
3500
3501 b7 += k8;
3502 b6 += b7 + k7;
3503 b7 = rol64(b7, 31) ^ b6;
3504
3505 b9 += k10;
3506 b8 += b9 + k9;
3507 b9 = rol64(b9, 12) ^ b8;
3508
3509 b11 += k12;
3510 b10 += b11 + k11;
3511 b11 = rol64(b11, 47) ^ b10;
3512
3513 b13 += k14 + t1;
3514 b12 += b13 + k13;
3515 b13 = rol64(b13, 44) ^ b12;
3516
3517 b15 += k16 + 1;
3518 b14 += b15 + k15 + t2;
3519 b15 = rol64(b15, 30) ^ b14;
3520
3521 b0 += b9;
3522 b9 = rol64(b9, 16) ^ b0;
3523
3524 b2 += b13;
3525 b13 = rol64(b13, 34) ^ b2;
3526
3527 b6 += b11;
3528 b11 = rol64(b11, 56) ^ b6;
3529
3530 b4 += b15;
3531 b15 = rol64(b15, 51) ^ b4;
3532
3533 b10 += b7;
3534 b7 = rol64(b7, 4) ^ b10;
3535
3536 b12 += b3;
3537 b3 = rol64(b3, 53) ^ b12;
3538
3539 b14 += b5;
3540 b5 = rol64(b5, 42) ^ b14;
3541
3542 b8 += b1;
3543 b1 = rol64(b1, 41) ^ b8;
3544
3545 b0 += b7;
3546 b7 = rol64(b7, 31) ^ b0;
3547
3548 b2 += b5;
3549 b5 = rol64(b5, 44) ^ b2;
3550
3551 b4 += b3;
3552 b3 = rol64(b3, 47) ^ b4;
3553
3554 b6 += b1;
3555 b1 = rol64(b1, 46) ^ b6;
3556
3557 b12 += b15;
3558 b15 = rol64(b15, 19) ^ b12;
3559
3560 b14 += b13;
3561 b13 = rol64(b13, 42) ^ b14;
3562
3563 b8 += b11;
3564 b11 = rol64(b11, 44) ^ b8;
3565
3566 b10 += b9;
3567 b9 = rol64(b9, 25) ^ b10;
3568
3569 b0 += b15;
3570 b15 = rol64(b15, 9) ^ b0;
3571
3572 b2 += b11;
3573 b11 = rol64(b11, 48) ^ b2;
3574
3575 b6 += b13;
3576 b13 = rol64(b13, 35) ^ b6;
3577
3578 b4 += b9;
3579 b9 = rol64(b9, 52) ^ b4;
3580
3581 b14 += b1;
3582 b1 = rol64(b1, 23) ^ b14;
3583
3584 b8 += b5;
3585 b5 = rol64(b5, 31) ^ b8;
3586
3587 b10 += b3;
3588 b3 = rol64(b3, 37) ^ b10;
3589
3590 b12 += b7;
3591 b7 = rol64(b7, 20) ^ b12;
3592
3593 b1 += k3;
3594 b0 += b1 + k2;
3595 b1 = rol64(b1, 24) ^ b0;
3596
3597 b3 += k5;
3598 b2 += b3 + k4;
3599 b3 = rol64(b3, 13) ^ b2;
3600
3601 b5 += k7;
3602 b4 += b5 + k6;
3603 b5 = rol64(b5, 8) ^ b4;
3604
3605 b7 += k9;
3606 b6 += b7 + k8;
3607 b7 = rol64(b7, 47) ^ b6;
3608
3609 b9 += k11;
3610 b8 += b9 + k10;
3611 b9 = rol64(b9, 8) ^ b8;
3612
3613 b11 += k13;
3614 b10 += b11 + k12;
3615 b11 = rol64(b11, 17) ^ b10;
3616
3617 b13 += k15 + t2;
3618 b12 += b13 + k14;
3619 b13 = rol64(b13, 22) ^ b12;
3620
3621 b15 += k0 + 2;
3622 b14 += b15 + k16 + t0;
3623 b15 = rol64(b15, 37) ^ b14;
3624
3625 b0 += b9;
3626 b9 = rol64(b9, 38) ^ b0;
3627
3628 b2 += b13;
3629 b13 = rol64(b13, 19) ^ b2;
3630
3631 b6 += b11;
3632 b11 = rol64(b11, 10) ^ b6;
3633
3634 b4 += b15;
3635 b15 = rol64(b15, 55) ^ b4;
3636
3637 b10 += b7;
3638 b7 = rol64(b7, 49) ^ b10;
3639
3640 b12 += b3;
3641 b3 = rol64(b3, 18) ^ b12;
3642
3643 b14 += b5;
3644 b5 = rol64(b5, 23) ^ b14;
3645
3646 b8 += b1;
3647 b1 = rol64(b1, 52) ^ b8;
3648
3649 b0 += b7;
3650 b7 = rol64(b7, 33) ^ b0;
3651
3652 b2 += b5;
3653 b5 = rol64(b5, 4) ^ b2;
3654
3655 b4 += b3;
3656 b3 = rol64(b3, 51) ^ b4;
3657
3658 b6 += b1;
3659 b1 = rol64(b1, 13) ^ b6;
3660
3661 b12 += b15;
3662 b15 = rol64(b15, 34) ^ b12;
3663
3664 b14 += b13;
3665 b13 = rol64(b13, 41) ^ b14;
3666
3667 b8 += b11;
3668 b11 = rol64(b11, 59) ^ b8;
3669
3670 b10 += b9;
3671 b9 = rol64(b9, 17) ^ b10;
3672
3673 b0 += b15;
3674 b15 = rol64(b15, 5) ^ b0;
3675
3676 b2 += b11;
3677 b11 = rol64(b11, 20) ^ b2;
3678
3679 b6 += b13;
3680 b13 = rol64(b13, 48) ^ b6;
3681
3682 b4 += b9;
3683 b9 = rol64(b9, 41) ^ b4;
3684
3685 b14 += b1;
3686 b1 = rol64(b1, 47) ^ b14;
3687
3688 b8 += b5;
3689 b5 = rol64(b5, 28) ^ b8;
3690
3691 b10 += b3;
3692 b3 = rol64(b3, 16) ^ b10;
3693
3694 b12 += b7;
3695 b7 = rol64(b7, 25) ^ b12;
3696
3697 b1 += k4;
3698 b0 += b1 + k3;
3699 b1 = rol64(b1, 41) ^ b0;
3700
3701 b3 += k6;
3702 b2 += b3 + k5;
3703 b3 = rol64(b3, 9) ^ b2;
3704
3705 b5 += k8;
3706 b4 += b5 + k7;
3707 b5 = rol64(b5, 37) ^ b4;
3708
3709 b7 += k10;
3710 b6 += b7 + k9;
3711 b7 = rol64(b7, 31) ^ b6;
3712
3713 b9 += k12;
3714 b8 += b9 + k11;
3715 b9 = rol64(b9, 12) ^ b8;
3716
3717 b11 += k14;
3718 b10 += b11 + k13;
3719 b11 = rol64(b11, 47) ^ b10;
3720
3721 b13 += k16 + t0;
3722 b12 += b13 + k15;
3723 b13 = rol64(b13, 44) ^ b12;
3724
3725 b15 += k1 + 3;
3726 b14 += b15 + k0 + t1;
3727 b15 = rol64(b15, 30) ^ b14;
3728
3729 b0 += b9;
3730 b9 = rol64(b9, 16) ^ b0;
3731
3732 b2 += b13;
3733 b13 = rol64(b13, 34) ^ b2;
3734
3735 b6 += b11;
3736 b11 = rol64(b11, 56) ^ b6;
3737
3738 b4 += b15;
3739 b15 = rol64(b15, 51) ^ b4;
3740
3741 b10 += b7;
3742 b7 = rol64(b7, 4) ^ b10;
3743
3744 b12 += b3;
3745 b3 = rol64(b3, 53) ^ b12;
3746
3747 b14 += b5;
3748 b5 = rol64(b5, 42) ^ b14;
3749
3750 b8 += b1;
3751 b1 = rol64(b1, 41) ^ b8;
3752
3753 b0 += b7;
3754 b7 = rol64(b7, 31) ^ b0;
3755
3756 b2 += b5;
3757 b5 = rol64(b5, 44) ^ b2;
3758
3759 b4 += b3;
3760 b3 = rol64(b3, 47) ^ b4;
3761
3762 b6 += b1;
3763 b1 = rol64(b1, 46) ^ b6;
3764
3765 b12 += b15;
3766 b15 = rol64(b15, 19) ^ b12;
3767
3768 b14 += b13;
3769 b13 = rol64(b13, 42) ^ b14;
3770
3771 b8 += b11;
3772 b11 = rol64(b11, 44) ^ b8;
3773
3774 b10 += b9;
3775 b9 = rol64(b9, 25) ^ b10;
3776
3777 b0 += b15;
3778 b15 = rol64(b15, 9) ^ b0;
3779
3780 b2 += b11;
3781 b11 = rol64(b11, 48) ^ b2;
3782
3783 b6 += b13;
3784 b13 = rol64(b13, 35) ^ b6;
3785
3786 b4 += b9;
3787 b9 = rol64(b9, 52) ^ b4;
3788
3789 b14 += b1;
3790 b1 = rol64(b1, 23) ^ b14;
3791
3792 b8 += b5;
3793 b5 = rol64(b5, 31) ^ b8;
3794
3795 b10 += b3;
3796 b3 = rol64(b3, 37) ^ b10;
3797
3798 b12 += b7;
3799 b7 = rol64(b7, 20) ^ b12;
3800
3801 b1 += k5;
3802 b0 += b1 + k4;
3803 b1 = rol64(b1, 24) ^ b0;
3804
3805 b3 += k7;
3806 b2 += b3 + k6;
3807 b3 = rol64(b3, 13) ^ b2;
3808
3809 b5 += k9;
3810 b4 += b5 + k8;
3811 b5 = rol64(b5, 8) ^ b4;
3812
3813 b7 += k11;
3814 b6 += b7 + k10;
3815 b7 = rol64(b7, 47) ^ b6;
3816
3817 b9 += k13;
3818 b8 += b9 + k12;
3819 b9 = rol64(b9, 8) ^ b8;
3820
3821 b11 += k15;
3822 b10 += b11 + k14;
3823 b11 = rol64(b11, 17) ^ b10;
3824
3825 b13 += k0 + t1;
3826 b12 += b13 + k16;
3827 b13 = rol64(b13, 22) ^ b12;
3828
3829 b15 += k2 + 4;
3830 b14 += b15 + k1 + t2;
3831 b15 = rol64(b15, 37) ^ b14;
3832
3833 b0 += b9;
3834 b9 = rol64(b9, 38) ^ b0;
3835
3836 b2 += b13;
3837 b13 = rol64(b13, 19) ^ b2;
3838
3839 b6 += b11;
3840 b11 = rol64(b11, 10) ^ b6;
3841
3842 b4 += b15;
3843 b15 = rol64(b15, 55) ^ b4;
3844
3845 b10 += b7;
3846 b7 = rol64(b7, 49) ^ b10;
3847
3848 b12 += b3;
3849 b3 = rol64(b3, 18) ^ b12;
3850
3851 b14 += b5;
3852 b5 = rol64(b5, 23) ^ b14;
3853
3854 b8 += b1;
3855 b1 = rol64(b1, 52) ^ b8;
3856
3857 b0 += b7;
3858 b7 = rol64(b7, 33) ^ b0;
3859
3860 b2 += b5;
3861 b5 = rol64(b5, 4) ^ b2;
3862
3863 b4 += b3;
3864 b3 = rol64(b3, 51) ^ b4;
3865
3866 b6 += b1;
3867 b1 = rol64(b1, 13) ^ b6;
3868
3869 b12 += b15;
3870 b15 = rol64(b15, 34) ^ b12;
3871
3872 b14 += b13;
3873 b13 = rol64(b13, 41) ^ b14;
3874
3875 b8 += b11;
3876 b11 = rol64(b11, 59) ^ b8;
3877
3878 b10 += b9;
3879 b9 = rol64(b9, 17) ^ b10;
3880
3881 b0 += b15;
3882 b15 = rol64(b15, 5) ^ b0;
3883
3884 b2 += b11;
3885 b11 = rol64(b11, 20) ^ b2;
3886
3887 b6 += b13;
3888 b13 = rol64(b13, 48) ^ b6;
3889
3890 b4 += b9;
3891 b9 = rol64(b9, 41) ^ b4;
3892
3893 b14 += b1;
3894 b1 = rol64(b1, 47) ^ b14;
3895
3896 b8 += b5;
3897 b5 = rol64(b5, 28) ^ b8;
3898
3899 b10 += b3;
3900 b3 = rol64(b3, 16) ^ b10;
3901
3902 b12 += b7;
3903 b7 = rol64(b7, 25) ^ b12;
3904
3905 b1 += k6;
3906 b0 += b1 + k5;
3907 b1 = rol64(b1, 41) ^ b0;
3908
3909 b3 += k8;
3910 b2 += b3 + k7;
3911 b3 = rol64(b3, 9) ^ b2;
3912
3913 b5 += k10;
3914 b4 += b5 + k9;
3915 b5 = rol64(b5, 37) ^ b4;
3916
3917 b7 += k12;
3918 b6 += b7 + k11;
3919 b7 = rol64(b7, 31) ^ b6;
3920
3921 b9 += k14;
3922 b8 += b9 + k13;
3923 b9 = rol64(b9, 12) ^ b8;
3924
3925 b11 += k16;
3926 b10 += b11 + k15;
3927 b11 = rol64(b11, 47) ^ b10;
3928
3929 b13 += k1 + t2;
3930 b12 += b13 + k0;
3931 b13 = rol64(b13, 44) ^ b12;
3932
3933 b15 += k3 + 5;
3934 b14 += b15 + k2 + t0;
3935 b15 = rol64(b15, 30) ^ b14;
3936
3937 b0 += b9;
3938 b9 = rol64(b9, 16) ^ b0;
3939
3940 b2 += b13;
3941 b13 = rol64(b13, 34) ^ b2;
3942
3943 b6 += b11;
3944 b11 = rol64(b11, 56) ^ b6;
3945
3946 b4 += b15;
3947 b15 = rol64(b15, 51) ^ b4;
3948
3949 b10 += b7;
3950 b7 = rol64(b7, 4) ^ b10;
3951
3952 b12 += b3;
3953 b3 = rol64(b3, 53) ^ b12;
3954
3955 b14 += b5;
3956 b5 = rol64(b5, 42) ^ b14;
3957
3958 b8 += b1;
3959 b1 = rol64(b1, 41) ^ b8;
3960
3961 b0 += b7;
3962 b7 = rol64(b7, 31) ^ b0;
3963
3964 b2 += b5;
3965 b5 = rol64(b5, 44) ^ b2;
3966
3967 b4 += b3;
3968 b3 = rol64(b3, 47) ^ b4;
3969
3970 b6 += b1;
3971 b1 = rol64(b1, 46) ^ b6;
3972
3973 b12 += b15;
3974 b15 = rol64(b15, 19) ^ b12;
3975
3976 b14 += b13;
3977 b13 = rol64(b13, 42) ^ b14;
3978
3979 b8 += b11;
3980 b11 = rol64(b11, 44) ^ b8;
3981
3982 b10 += b9;
3983 b9 = rol64(b9, 25) ^ b10;
3984
3985 b0 += b15;
3986 b15 = rol64(b15, 9) ^ b0;
3987
3988 b2 += b11;
3989 b11 = rol64(b11, 48) ^ b2;
3990
3991 b6 += b13;
3992 b13 = rol64(b13, 35) ^ b6;
3993
3994 b4 += b9;
3995 b9 = rol64(b9, 52) ^ b4;
3996
3997 b14 += b1;
3998 b1 = rol64(b1, 23) ^ b14;
3999
4000 b8 += b5;
4001 b5 = rol64(b5, 31) ^ b8;
4002
4003 b10 += b3;
4004 b3 = rol64(b3, 37) ^ b10;
4005
4006 b12 += b7;
4007 b7 = rol64(b7, 20) ^ b12;
4008
4009 b1 += k7;
4010 b0 += b1 + k6;
4011 b1 = rol64(b1, 24) ^ b0;
4012
4013 b3 += k9;
4014 b2 += b3 + k8;
4015 b3 = rol64(b3, 13) ^ b2;
4016
4017 b5 += k11;
4018 b4 += b5 + k10;
4019 b5 = rol64(b5, 8) ^ b4;
4020
4021 b7 += k13;
4022 b6 += b7 + k12;
4023 b7 = rol64(b7, 47) ^ b6;
4024
4025 b9 += k15;
4026 b8 += b9 + k14;
4027 b9 = rol64(b9, 8) ^ b8;
4028
4029 b11 += k0;
4030 b10 += b11 + k16;
4031 b11 = rol64(b11, 17) ^ b10;
4032
4033 b13 += k2 + t0;
4034 b12 += b13 + k1;
4035 b13 = rol64(b13, 22) ^ b12;
4036
4037 b15 += k4 + 6;
4038 b14 += b15 + k3 + t1;
4039 b15 = rol64(b15, 37) ^ b14;
4040
4041 b0 += b9;
4042 b9 = rol64(b9, 38) ^ b0;
4043
4044 b2 += b13;
4045 b13 = rol64(b13, 19) ^ b2;
4046
4047 b6 += b11;
4048 b11 = rol64(b11, 10) ^ b6;
4049
4050 b4 += b15;
4051 b15 = rol64(b15, 55) ^ b4;
4052
4053 b10 += b7;
4054 b7 = rol64(b7, 49) ^ b10;
4055
4056 b12 += b3;
4057 b3 = rol64(b3, 18) ^ b12;
4058
4059 b14 += b5;
4060 b5 = rol64(b5, 23) ^ b14;
4061
4062 b8 += b1;
4063 b1 = rol64(b1, 52) ^ b8;
4064
4065 b0 += b7;
4066 b7 = rol64(b7, 33) ^ b0;
4067
4068 b2 += b5;
4069 b5 = rol64(b5, 4) ^ b2;
4070
4071 b4 += b3;
4072 b3 = rol64(b3, 51) ^ b4;
4073
4074 b6 += b1;
4075 b1 = rol64(b1, 13) ^ b6;
4076
4077 b12 += b15;
4078 b15 = rol64(b15, 34) ^ b12;
4079
4080 b14 += b13;
4081 b13 = rol64(b13, 41) ^ b14;
4082
4083 b8 += b11;
4084 b11 = rol64(b11, 59) ^ b8;
4085
4086 b10 += b9;
4087 b9 = rol64(b9, 17) ^ b10;
4088
4089 b0 += b15;
4090 b15 = rol64(b15, 5) ^ b0;
4091
4092 b2 += b11;
4093 b11 = rol64(b11, 20) ^ b2;
4094
4095 b6 += b13;
4096 b13 = rol64(b13, 48) ^ b6;
4097
4098 b4 += b9;
4099 b9 = rol64(b9, 41) ^ b4;
4100
4101 b14 += b1;
4102 b1 = rol64(b1, 47) ^ b14;
4103
4104 b8 += b5;
4105 b5 = rol64(b5, 28) ^ b8;
4106
4107 b10 += b3;
4108 b3 = rol64(b3, 16) ^ b10;
4109
4110 b12 += b7;
4111 b7 = rol64(b7, 25) ^ b12;
4112
4113 b1 += k8;
4114 b0 += b1 + k7;
4115 b1 = rol64(b1, 41) ^ b0;
4116
4117 b3 += k10;
4118 b2 += b3 + k9;
4119 b3 = rol64(b3, 9) ^ b2;
4120
4121 b5 += k12;
4122 b4 += b5 + k11;
4123 b5 = rol64(b5, 37) ^ b4;
4124
4125 b7 += k14;
4126 b6 += b7 + k13;
4127 b7 = rol64(b7, 31) ^ b6;
4128
4129 b9 += k16;
4130 b8 += b9 + k15;
4131 b9 = rol64(b9, 12) ^ b8;
4132
4133 b11 += k1;
4134 b10 += b11 + k0;
4135 b11 = rol64(b11, 47) ^ b10;
4136
4137 b13 += k3 + t1;
4138 b12 += b13 + k2;
4139 b13 = rol64(b13, 44) ^ b12;
4140
4141 b15 += k5 + 7;
4142 b14 += b15 + k4 + t2;
4143 b15 = rol64(b15, 30) ^ b14;
4144
4145 b0 += b9;
4146 b9 = rol64(b9, 16) ^ b0;
4147
4148 b2 += b13;
4149 b13 = rol64(b13, 34) ^ b2;
4150
4151 b6 += b11;
4152 b11 = rol64(b11, 56) ^ b6;
4153
4154 b4 += b15;
4155 b15 = rol64(b15, 51) ^ b4;
4156
4157 b10 += b7;
4158 b7 = rol64(b7, 4) ^ b10;
4159
4160 b12 += b3;
4161 b3 = rol64(b3, 53) ^ b12;
4162
4163 b14 += b5;
4164 b5 = rol64(b5, 42) ^ b14;
4165
4166 b8 += b1;
4167 b1 = rol64(b1, 41) ^ b8;
4168
4169 b0 += b7;
4170 b7 = rol64(b7, 31) ^ b0;
4171
4172 b2 += b5;
4173 b5 = rol64(b5, 44) ^ b2;
4174
4175 b4 += b3;
4176 b3 = rol64(b3, 47) ^ b4;
4177
4178 b6 += b1;
4179 b1 = rol64(b1, 46) ^ b6;
4180
4181 b12 += b15;
4182 b15 = rol64(b15, 19) ^ b12;
4183
4184 b14 += b13;
4185 b13 = rol64(b13, 42) ^ b14;
4186
4187 b8 += b11;
4188 b11 = rol64(b11, 44) ^ b8;
4189
4190 b10 += b9;
4191 b9 = rol64(b9, 25) ^ b10;
4192
4193 b0 += b15;
4194 b15 = rol64(b15, 9) ^ b0;
4195
4196 b2 += b11;
4197 b11 = rol64(b11, 48) ^ b2;
4198
4199 b6 += b13;
4200 b13 = rol64(b13, 35) ^ b6;
4201
4202 b4 += b9;
4203 b9 = rol64(b9, 52) ^ b4;
4204
4205 b14 += b1;
4206 b1 = rol64(b1, 23) ^ b14;
4207
4208 b8 += b5;
4209 b5 = rol64(b5, 31) ^ b8;
4210
4211 b10 += b3;
4212 b3 = rol64(b3, 37) ^ b10;
4213
4214 b12 += b7;
4215 b7 = rol64(b7, 20) ^ b12;
4216
4217 b1 += k9;
4218 b0 += b1 + k8;
4219 b1 = rol64(b1, 24) ^ b0;
4220
4221 b3 += k11;
4222 b2 += b3 + k10;
4223 b3 = rol64(b3, 13) ^ b2;
4224
4225 b5 += k13;
4226 b4 += b5 + k12;
4227 b5 = rol64(b5, 8) ^ b4;
4228
4229 b7 += k15;
4230 b6 += b7 + k14;
4231 b7 = rol64(b7, 47) ^ b6;
4232
4233 b9 += k0;
4234 b8 += b9 + k16;
4235 b9 = rol64(b9, 8) ^ b8;
4236
4237 b11 += k2;
4238 b10 += b11 + k1;
4239 b11 = rol64(b11, 17) ^ b10;
4240
4241 b13 += k4 + t2;
4242 b12 += b13 + k3;
4243 b13 = rol64(b13, 22) ^ b12;
4244
4245 b15 += k6 + 8;
4246 b14 += b15 + k5 + t0;
4247 b15 = rol64(b15, 37) ^ b14;
4248
4249 b0 += b9;
4250 b9 = rol64(b9, 38) ^ b0;
4251
4252 b2 += b13;
4253 b13 = rol64(b13, 19) ^ b2;
4254
4255 b6 += b11;
4256 b11 = rol64(b11, 10) ^ b6;
4257
4258 b4 += b15;
4259 b15 = rol64(b15, 55) ^ b4;
4260
4261 b10 += b7;
4262 b7 = rol64(b7, 49) ^ b10;
4263
4264 b12 += b3;
4265 b3 = rol64(b3, 18) ^ b12;
4266
4267 b14 += b5;
4268 b5 = rol64(b5, 23) ^ b14;
4269
4270 b8 += b1;
4271 b1 = rol64(b1, 52) ^ b8;
4272
4273 b0 += b7;
4274 b7 = rol64(b7, 33) ^ b0;
4275
4276 b2 += b5;
4277 b5 = rol64(b5, 4) ^ b2;
4278
4279 b4 += b3;
4280 b3 = rol64(b3, 51) ^ b4;
4281
4282 b6 += b1;
4283 b1 = rol64(b1, 13) ^ b6;
4284
4285 b12 += b15;
4286 b15 = rol64(b15, 34) ^ b12;
4287
4288 b14 += b13;
4289 b13 = rol64(b13, 41) ^ b14;
4290
4291 b8 += b11;
4292 b11 = rol64(b11, 59) ^ b8;
4293
4294 b10 += b9;
4295 b9 = rol64(b9, 17) ^ b10;
4296
4297 b0 += b15;
4298 b15 = rol64(b15, 5) ^ b0;
4299
4300 b2 += b11;
4301 b11 = rol64(b11, 20) ^ b2;
4302
4303 b6 += b13;
4304 b13 = rol64(b13, 48) ^ b6;
4305
4306 b4 += b9;
4307 b9 = rol64(b9, 41) ^ b4;
4308
4309 b14 += b1;
4310 b1 = rol64(b1, 47) ^ b14;
4311
4312 b8 += b5;
4313 b5 = rol64(b5, 28) ^ b8;
4314
4315 b10 += b3;
4316 b3 = rol64(b3, 16) ^ b10;
4317
4318 b12 += b7;
4319 b7 = rol64(b7, 25) ^ b12;
4320
4321 b1 += k10;
4322 b0 += b1 + k9;
4323 b1 = rol64(b1, 41) ^ b0;
4324
4325 b3 += k12;
4326 b2 += b3 + k11;
4327 b3 = rol64(b3, 9) ^ b2;
4328
4329 b5 += k14;
4330 b4 += b5 + k13;
4331 b5 = rol64(b5, 37) ^ b4;
4332
4333 b7 += k16;
4334 b6 += b7 + k15;
4335 b7 = rol64(b7, 31) ^ b6;
4336
4337 b9 += k1;
4338 b8 += b9 + k0;
4339 b9 = rol64(b9, 12) ^ b8;
4340
4341 b11 += k3;
4342 b10 += b11 + k2;
4343 b11 = rol64(b11, 47) ^ b10;
4344
4345 b13 += k5 + t0;
4346 b12 += b13 + k4;
4347 b13 = rol64(b13, 44) ^ b12;
4348
4349 b15 += k7 + 9;
4350 b14 += b15 + k6 + t1;
4351 b15 = rol64(b15, 30) ^ b14;
4352
4353 b0 += b9;
4354 b9 = rol64(b9, 16) ^ b0;
4355
4356 b2 += b13;
4357 b13 = rol64(b13, 34) ^ b2;
4358
4359 b6 += b11;
4360 b11 = rol64(b11, 56) ^ b6;
4361
4362 b4 += b15;
4363 b15 = rol64(b15, 51) ^ b4;
4364
4365 b10 += b7;
4366 b7 = rol64(b7, 4) ^ b10;
4367
4368 b12 += b3;
4369 b3 = rol64(b3, 53) ^ b12;
4370
4371 b14 += b5;
4372 b5 = rol64(b5, 42) ^ b14;
4373
4374 b8 += b1;
4375 b1 = rol64(b1, 41) ^ b8;
4376
4377 b0 += b7;
4378 b7 = rol64(b7, 31) ^ b0;
4379
4380 b2 += b5;
4381 b5 = rol64(b5, 44) ^ b2;
4382
4383 b4 += b3;
4384 b3 = rol64(b3, 47) ^ b4;
4385
4386 b6 += b1;
4387 b1 = rol64(b1, 46) ^ b6;
4388
4389 b12 += b15;
4390 b15 = rol64(b15, 19) ^ b12;
4391
4392 b14 += b13;
4393 b13 = rol64(b13, 42) ^ b14;
4394
4395 b8 += b11;
4396 b11 = rol64(b11, 44) ^ b8;
4397
4398 b10 += b9;
4399 b9 = rol64(b9, 25) ^ b10;
4400
4401 b0 += b15;
4402 b15 = rol64(b15, 9) ^ b0;
4403
4404 b2 += b11;
4405 b11 = rol64(b11, 48) ^ b2;
4406
4407 b6 += b13;
4408 b13 = rol64(b13, 35) ^ b6;
4409
4410 b4 += b9;
4411 b9 = rol64(b9, 52) ^ b4;
4412
4413 b14 += b1;
4414 b1 = rol64(b1, 23) ^ b14;
4415
4416 b8 += b5;
4417 b5 = rol64(b5, 31) ^ b8;
4418
4419 b10 += b3;
4420 b3 = rol64(b3, 37) ^ b10;
4421
4422 b12 += b7;
4423 b7 = rol64(b7, 20) ^ b12;
4424
4425 b1 += k11;
4426 b0 += b1 + k10;
4427 b1 = rol64(b1, 24) ^ b0;
4428
4429 b3 += k13;
4430 b2 += b3 + k12;
4431 b3 = rol64(b3, 13) ^ b2;
4432
4433 b5 += k15;
4434 b4 += b5 + k14;
4435 b5 = rol64(b5, 8) ^ b4;
4436
4437 b7 += k0;
4438 b6 += b7 + k16;
4439 b7 = rol64(b7, 47) ^ b6;
4440
4441 b9 += k2;
4442 b8 += b9 + k1;
4443 b9 = rol64(b9, 8) ^ b8;
4444
4445 b11 += k4;
4446 b10 += b11 + k3;
4447 b11 = rol64(b11, 17) ^ b10;
4448
4449 b13 += k6 + t1;
4450 b12 += b13 + k5;
4451 b13 = rol64(b13, 22) ^ b12;
4452
4453 b15 += k8 + 10;
4454 b14 += b15 + k7 + t2;
4455 b15 = rol64(b15, 37) ^ b14;
4456
4457 b0 += b9;
4458 b9 = rol64(b9, 38) ^ b0;
4459
4460 b2 += b13;
4461 b13 = rol64(b13, 19) ^ b2;
4462
4463 b6 += b11;
4464 b11 = rol64(b11, 10) ^ b6;
4465
4466 b4 += b15;
4467 b15 = rol64(b15, 55) ^ b4;
4468
4469 b10 += b7;
4470 b7 = rol64(b7, 49) ^ b10;
4471
4472 b12 += b3;
4473 b3 = rol64(b3, 18) ^ b12;
4474
4475 b14 += b5;
4476 b5 = rol64(b5, 23) ^ b14;
4477
4478 b8 += b1;
4479 b1 = rol64(b1, 52) ^ b8;
4480
4481 b0 += b7;
4482 b7 = rol64(b7, 33) ^ b0;
4483
4484 b2 += b5;
4485 b5 = rol64(b5, 4) ^ b2;
4486
4487 b4 += b3;
4488 b3 = rol64(b3, 51) ^ b4;
4489
4490 b6 += b1;
4491 b1 = rol64(b1, 13) ^ b6;
4492
4493 b12 += b15;
4494 b15 = rol64(b15, 34) ^ b12;
4495
4496 b14 += b13;
4497 b13 = rol64(b13, 41) ^ b14;
4498
4499 b8 += b11;
4500 b11 = rol64(b11, 59) ^ b8;
4501
4502 b10 += b9;
4503 b9 = rol64(b9, 17) ^ b10;
4504
4505 b0 += b15;
4506 b15 = rol64(b15, 5) ^ b0;
4507
4508 b2 += b11;
4509 b11 = rol64(b11, 20) ^ b2;
4510
4511 b6 += b13;
4512 b13 = rol64(b13, 48) ^ b6;
4513
4514 b4 += b9;
4515 b9 = rol64(b9, 41) ^ b4;
4516
4517 b14 += b1;
4518 b1 = rol64(b1, 47) ^ b14;
4519
4520 b8 += b5;
4521 b5 = rol64(b5, 28) ^ b8;
4522
4523 b10 += b3;
4524 b3 = rol64(b3, 16) ^ b10;
4525
4526 b12 += b7;
4527 b7 = rol64(b7, 25) ^ b12;
4528
4529 b1 += k12;
4530 b0 += b1 + k11;
4531 b1 = rol64(b1, 41) ^ b0;
4532
4533 b3 += k14;
4534 b2 += b3 + k13;
4535 b3 = rol64(b3, 9) ^ b2;
4536
4537 b5 += k16;
4538 b4 += b5 + k15;
4539 b5 = rol64(b5, 37) ^ b4;
4540
4541 b7 += k1;
4542 b6 += b7 + k0;
4543 b7 = rol64(b7, 31) ^ b6;
4544
4545 b9 += k3;
4546 b8 += b9 + k2;
4547 b9 = rol64(b9, 12) ^ b8;
4548
4549 b11 += k5;
4550 b10 += b11 + k4;
4551 b11 = rol64(b11, 47) ^ b10;
4552
4553 b13 += k7 + t2;
4554 b12 += b13 + k6;
4555 b13 = rol64(b13, 44) ^ b12;
4556
4557 b15 += k9 + 11;
4558 b14 += b15 + k8 + t0;
4559 b15 = rol64(b15, 30) ^ b14;
4560
4561 b0 += b9;
4562 b9 = rol64(b9, 16) ^ b0;
4563
4564 b2 += b13;
4565 b13 = rol64(b13, 34) ^ b2;
4566
4567 b6 += b11;
4568 b11 = rol64(b11, 56) ^ b6;
4569
4570 b4 += b15;
4571 b15 = rol64(b15, 51) ^ b4;
4572
4573 b10 += b7;
4574 b7 = rol64(b7, 4) ^ b10;
4575
4576 b12 += b3;
4577 b3 = rol64(b3, 53) ^ b12;
4578
4579 b14 += b5;
4580 b5 = rol64(b5, 42) ^ b14;
4581
4582 b8 += b1;
4583 b1 = rol64(b1, 41) ^ b8;
4584
4585 b0 += b7;
4586 b7 = rol64(b7, 31) ^ b0;
4587
4588 b2 += b5;
4589 b5 = rol64(b5, 44) ^ b2;
4590
4591 b4 += b3;
4592 b3 = rol64(b3, 47) ^ b4;
4593
4594 b6 += b1;
4595 b1 = rol64(b1, 46) ^ b6;
4596
4597 b12 += b15;
4598 b15 = rol64(b15, 19) ^ b12;
4599
4600 b14 += b13;
4601 b13 = rol64(b13, 42) ^ b14;
4602
4603 b8 += b11;
4604 b11 = rol64(b11, 44) ^ b8;
4605
4606 b10 += b9;
4607 b9 = rol64(b9, 25) ^ b10;
4608
4609 b0 += b15;
4610 b15 = rol64(b15, 9) ^ b0;
4611
4612 b2 += b11;
4613 b11 = rol64(b11, 48) ^ b2;
4614
4615 b6 += b13;
4616 b13 = rol64(b13, 35) ^ b6;
4617
4618 b4 += b9;
4619 b9 = rol64(b9, 52) ^ b4;
4620
4621 b14 += b1;
4622 b1 = rol64(b1, 23) ^ b14;
4623
4624 b8 += b5;
4625 b5 = rol64(b5, 31) ^ b8;
4626
4627 b10 += b3;
4628 b3 = rol64(b3, 37) ^ b10;
4629
4630 b12 += b7;
4631 b7 = rol64(b7, 20) ^ b12;
4632
4633 b1 += k13;
4634 b0 += b1 + k12;
4635 b1 = rol64(b1, 24) ^ b0;
4636
4637 b3 += k15;
4638 b2 += b3 + k14;
4639 b3 = rol64(b3, 13) ^ b2;
4640
4641 b5 += k0;
4642 b4 += b5 + k16;
4643 b5 = rol64(b5, 8) ^ b4;
4644
4645 b7 += k2;
4646 b6 += b7 + k1;
4647 b7 = rol64(b7, 47) ^ b6;
4648
4649 b9 += k4;
4650 b8 += b9 + k3;
4651 b9 = rol64(b9, 8) ^ b8;
4652
4653 b11 += k6;
4654 b10 += b11 + k5;
4655 b11 = rol64(b11, 17) ^ b10;
4656
4657 b13 += k8 + t0;
4658 b12 += b13 + k7;
4659 b13 = rol64(b13, 22) ^ b12;
4660
4661 b15 += k10 + 12;
4662 b14 += b15 + k9 + t1;
4663 b15 = rol64(b15, 37) ^ b14;
4664
4665 b0 += b9;
4666 b9 = rol64(b9, 38) ^ b0;
4667
4668 b2 += b13;
4669 b13 = rol64(b13, 19) ^ b2;
4670
4671 b6 += b11;
4672 b11 = rol64(b11, 10) ^ b6;
4673
4674 b4 += b15;
4675 b15 = rol64(b15, 55) ^ b4;
4676
4677 b10 += b7;
4678 b7 = rol64(b7, 49) ^ b10;
4679
4680 b12 += b3;
4681 b3 = rol64(b3, 18) ^ b12;
4682
4683 b14 += b5;
4684 b5 = rol64(b5, 23) ^ b14;
4685
4686 b8 += b1;
4687 b1 = rol64(b1, 52) ^ b8;
4688
4689 b0 += b7;
4690 b7 = rol64(b7, 33) ^ b0;
4691
4692 b2 += b5;
4693 b5 = rol64(b5, 4) ^ b2;
4694
4695 b4 += b3;
4696 b3 = rol64(b3, 51) ^ b4;
4697
4698 b6 += b1;
4699 b1 = rol64(b1, 13) ^ b6;
4700
4701 b12 += b15;
4702 b15 = rol64(b15, 34) ^ b12;
4703
4704 b14 += b13;
4705 b13 = rol64(b13, 41) ^ b14;
4706
4707 b8 += b11;
4708 b11 = rol64(b11, 59) ^ b8;
4709
4710 b10 += b9;
4711 b9 = rol64(b9, 17) ^ b10;
4712
4713 b0 += b15;
4714 b15 = rol64(b15, 5) ^ b0;
4715
4716 b2 += b11;
4717 b11 = rol64(b11, 20) ^ b2;
4718
4719 b6 += b13;
4720 b13 = rol64(b13, 48) ^ b6;
4721
4722 b4 += b9;
4723 b9 = rol64(b9, 41) ^ b4;
4724
4725 b14 += b1;
4726 b1 = rol64(b1, 47) ^ b14;
4727
4728 b8 += b5;
4729 b5 = rol64(b5, 28) ^ b8;
4730
4731 b10 += b3;
4732 b3 = rol64(b3, 16) ^ b10;
4733
4734 b12 += b7;
4735 b7 = rol64(b7, 25) ^ b12;
4736
4737 b1 += k14;
4738 b0 += b1 + k13;
4739 b1 = rol64(b1, 41) ^ b0;
4740
4741 b3 += k16;
4742 b2 += b3 + k15;
4743 b3 = rol64(b3, 9) ^ b2;
4744
4745 b5 += k1;
4746 b4 += b5 + k0;
4747 b5 = rol64(b5, 37) ^ b4;
4748
4749 b7 += k3;
4750 b6 += b7 + k2;
4751 b7 = rol64(b7, 31) ^ b6;
4752
4753 b9 += k5;
4754 b8 += b9 + k4;
4755 b9 = rol64(b9, 12) ^ b8;
4756
4757 b11 += k7;
4758 b10 += b11 + k6;
4759 b11 = rol64(b11, 47) ^ b10;
4760
4761 b13 += k9 + t1;
4762 b12 += b13 + k8;
4763 b13 = rol64(b13, 44) ^ b12;
4764
4765 b15 += k11 + 13;
4766 b14 += b15 + k10 + t2;
4767 b15 = rol64(b15, 30) ^ b14;
4768
4769 b0 += b9;
4770 b9 = rol64(b9, 16) ^ b0;
4771
4772 b2 += b13;
4773 b13 = rol64(b13, 34) ^ b2;
4774
4775 b6 += b11;
4776 b11 = rol64(b11, 56) ^ b6;
4777
4778 b4 += b15;
4779 b15 = rol64(b15, 51) ^ b4;
4780
4781 b10 += b7;
4782 b7 = rol64(b7, 4) ^ b10;
4783
4784 b12 += b3;
4785 b3 = rol64(b3, 53) ^ b12;
4786
4787 b14 += b5;
4788 b5 = rol64(b5, 42) ^ b14;
4789
4790 b8 += b1;
4791 b1 = rol64(b1, 41) ^ b8;
4792
4793 b0 += b7;
4794 b7 = rol64(b7, 31) ^ b0;
4795
4796 b2 += b5;
4797 b5 = rol64(b5, 44) ^ b2;
4798
4799 b4 += b3;
4800 b3 = rol64(b3, 47) ^ b4;
4801
4802 b6 += b1;
4803 b1 = rol64(b1, 46) ^ b6;
4804
4805 b12 += b15;
4806 b15 = rol64(b15, 19) ^ b12;
4807
4808 b14 += b13;
4809 b13 = rol64(b13, 42) ^ b14;
4810
4811 b8 += b11;
4812 b11 = rol64(b11, 44) ^ b8;
4813
4814 b10 += b9;
4815 b9 = rol64(b9, 25) ^ b10;
4816
4817 b0 += b15;
4818 b15 = rol64(b15, 9) ^ b0;
4819
4820 b2 += b11;
4821 b11 = rol64(b11, 48) ^ b2;
4822
4823 b6 += b13;
4824 b13 = rol64(b13, 35) ^ b6;
4825
4826 b4 += b9;
4827 b9 = rol64(b9, 52) ^ b4;
4828
4829 b14 += b1;
4830 b1 = rol64(b1, 23) ^ b14;
4831
4832 b8 += b5;
4833 b5 = rol64(b5, 31) ^ b8;
4834
4835 b10 += b3;
4836 b3 = rol64(b3, 37) ^ b10;
4837
4838 b12 += b7;
4839 b7 = rol64(b7, 20) ^ b12;
4840
4841 b1 += k15;
4842 b0 += b1 + k14;
4843 b1 = rol64(b1, 24) ^ b0;
4844
4845 b3 += k0;
4846 b2 += b3 + k16;
4847 b3 = rol64(b3, 13) ^ b2;
4848
4849 b5 += k2;
4850 b4 += b5 + k1;
4851 b5 = rol64(b5, 8) ^ b4;
4852
4853 b7 += k4;
4854 b6 += b7 + k3;
4855 b7 = rol64(b7, 47) ^ b6;
4856
4857 b9 += k6;
4858 b8 += b9 + k5;
4859 b9 = rol64(b9, 8) ^ b8;
4860
4861 b11 += k8;
4862 b10 += b11 + k7;
4863 b11 = rol64(b11, 17) ^ b10;
4864
4865 b13 += k10 + t2;
4866 b12 += b13 + k9;
4867 b13 = rol64(b13, 22) ^ b12;
4868
4869 b15 += k12 + 14;
4870 b14 += b15 + k11 + t0;
4871 b15 = rol64(b15, 37) ^ b14;
4872
4873 b0 += b9;
4874 b9 = rol64(b9, 38) ^ b0;
4875
4876 b2 += b13;
4877 b13 = rol64(b13, 19) ^ b2;
4878
4879 b6 += b11;
4880 b11 = rol64(b11, 10) ^ b6;
4881
4882 b4 += b15;
4883 b15 = rol64(b15, 55) ^ b4;
4884
4885 b10 += b7;
4886 b7 = rol64(b7, 49) ^ b10;
4887
4888 b12 += b3;
4889 b3 = rol64(b3, 18) ^ b12;
4890
4891 b14 += b5;
4892 b5 = rol64(b5, 23) ^ b14;
4893
4894 b8 += b1;
4895 b1 = rol64(b1, 52) ^ b8;
4896
4897 b0 += b7;
4898 b7 = rol64(b7, 33) ^ b0;
4899
4900 b2 += b5;
4901 b5 = rol64(b5, 4) ^ b2;
4902
4903 b4 += b3;
4904 b3 = rol64(b3, 51) ^ b4;
4905
4906 b6 += b1;
4907 b1 = rol64(b1, 13) ^ b6;
4908
4909 b12 += b15;
4910 b15 = rol64(b15, 34) ^ b12;
4911
4912 b14 += b13;
4913 b13 = rol64(b13, 41) ^ b14;
4914
4915 b8 += b11;
4916 b11 = rol64(b11, 59) ^ b8;
4917
4918 b10 += b9;
4919 b9 = rol64(b9, 17) ^ b10;
4920
4921 b0 += b15;
4922 b15 = rol64(b15, 5) ^ b0;
4923
4924 b2 += b11;
4925 b11 = rol64(b11, 20) ^ b2;
4926
4927 b6 += b13;
4928 b13 = rol64(b13, 48) ^ b6;
4929
4930 b4 += b9;
4931 b9 = rol64(b9, 41) ^ b4;
4932
4933 b14 += b1;
4934 b1 = rol64(b1, 47) ^ b14;
4935
4936 b8 += b5;
4937 b5 = rol64(b5, 28) ^ b8;
4938
4939 b10 += b3;
4940 b3 = rol64(b3, 16) ^ b10;
4941
4942 b12 += b7;
4943 b7 = rol64(b7, 25) ^ b12;
4944
4945 b1 += k16;
4946 b0 += b1 + k15;
4947 b1 = rol64(b1, 41) ^ b0;
4948
4949 b3 += k1;
4950 b2 += b3 + k0;
4951 b3 = rol64(b3, 9) ^ b2;
4952
4953 b5 += k3;
4954 b4 += b5 + k2;
4955 b5 = rol64(b5, 37) ^ b4;
4956
4957 b7 += k5;
4958 b6 += b7 + k4;
4959 b7 = rol64(b7, 31) ^ b6;
4960
4961 b9 += k7;
4962 b8 += b9 + k6;
4963 b9 = rol64(b9, 12) ^ b8;
4964
4965 b11 += k9;
4966 b10 += b11 + k8;
4967 b11 = rol64(b11, 47) ^ b10;
4968
4969 b13 += k11 + t0;
4970 b12 += b13 + k10;
4971 b13 = rol64(b13, 44) ^ b12;
4972
4973 b15 += k13 + 15;
4974 b14 += b15 + k12 + t1;
4975 b15 = rol64(b15, 30) ^ b14;
4976
4977 b0 += b9;
4978 b9 = rol64(b9, 16) ^ b0;
4979
4980 b2 += b13;
4981 b13 = rol64(b13, 34) ^ b2;
4982
4983 b6 += b11;
4984 b11 = rol64(b11, 56) ^ b6;
4985
4986 b4 += b15;
4987 b15 = rol64(b15, 51) ^ b4;
4988
4989 b10 += b7;
4990 b7 = rol64(b7, 4) ^ b10;
4991
4992 b12 += b3;
4993 b3 = rol64(b3, 53) ^ b12;
4994
4995 b14 += b5;
4996 b5 = rol64(b5, 42) ^ b14;
4997
4998 b8 += b1;
4999 b1 = rol64(b1, 41) ^ b8;
5000
5001 b0 += b7;
5002 b7 = rol64(b7, 31) ^ b0;
5003
5004 b2 += b5;
5005 b5 = rol64(b5, 44) ^ b2;
5006
5007 b4 += b3;
5008 b3 = rol64(b3, 47) ^ b4;
5009
5010 b6 += b1;
5011 b1 = rol64(b1, 46) ^ b6;
5012
5013 b12 += b15;
5014 b15 = rol64(b15, 19) ^ b12;
5015
5016 b14 += b13;
5017 b13 = rol64(b13, 42) ^ b14;
5018
5019 b8 += b11;
5020 b11 = rol64(b11, 44) ^ b8;
5021
5022 b10 += b9;
5023 b9 = rol64(b9, 25) ^ b10;
5024
5025 b0 += b15;
5026 b15 = rol64(b15, 9) ^ b0;
5027
5028 b2 += b11;
5029 b11 = rol64(b11, 48) ^ b2;
5030
5031 b6 += b13;
5032 b13 = rol64(b13, 35) ^ b6;
5033
5034 b4 += b9;
5035 b9 = rol64(b9, 52) ^ b4;
5036
5037 b14 += b1;
5038 b1 = rol64(b1, 23) ^ b14;
5039
5040 b8 += b5;
5041 b5 = rol64(b5, 31) ^ b8;
5042
5043 b10 += b3;
5044 b3 = rol64(b3, 37) ^ b10;
5045
5046 b12 += b7;
5047 b7 = rol64(b7, 20) ^ b12;
5048
5049 b1 += k0;
5050 b0 += b1 + k16;
5051 b1 = rol64(b1, 24) ^ b0;
5052
5053 b3 += k2;
5054 b2 += b3 + k1;
5055 b3 = rol64(b3, 13) ^ b2;
5056
5057 b5 += k4;
5058 b4 += b5 + k3;
5059 b5 = rol64(b5, 8) ^ b4;
5060
5061 b7 += k6;
5062 b6 += b7 + k5;
5063 b7 = rol64(b7, 47) ^ b6;
5064
5065 b9 += k8;
5066 b8 += b9 + k7;
5067 b9 = rol64(b9, 8) ^ b8;
5068
5069 b11 += k10;
5070 b10 += b11 + k9;
5071 b11 = rol64(b11, 17) ^ b10;
5072
5073 b13 += k12 + t1;
5074 b12 += b13 + k11;
5075 b13 = rol64(b13, 22) ^ b12;
5076
5077 b15 += k14 + 16;
5078 b14 += b15 + k13 + t2;
5079 b15 = rol64(b15, 37) ^ b14;
5080
5081 b0 += b9;
5082 b9 = rol64(b9, 38) ^ b0;
5083
5084 b2 += b13;
5085 b13 = rol64(b13, 19) ^ b2;
5086
5087 b6 += b11;
5088 b11 = rol64(b11, 10) ^ b6;
5089
5090 b4 += b15;
5091 b15 = rol64(b15, 55) ^ b4;
5092
5093 b10 += b7;
5094 b7 = rol64(b7, 49) ^ b10;
5095
5096 b12 += b3;
5097 b3 = rol64(b3, 18) ^ b12;
5098
5099 b14 += b5;
5100 b5 = rol64(b5, 23) ^ b14;
5101
5102 b8 += b1;
5103 b1 = rol64(b1, 52) ^ b8;
5104
5105 b0 += b7;
5106 b7 = rol64(b7, 33) ^ b0;
5107
5108 b2 += b5;
5109 b5 = rol64(b5, 4) ^ b2;
5110
5111 b4 += b3;
5112 b3 = rol64(b3, 51) ^ b4;
5113
5114 b6 += b1;
5115 b1 = rol64(b1, 13) ^ b6;
5116
5117 b12 += b15;
5118 b15 = rol64(b15, 34) ^ b12;
5119
5120 b14 += b13;
5121 b13 = rol64(b13, 41) ^ b14;
5122
5123 b8 += b11;
5124 b11 = rol64(b11, 59) ^ b8;
5125
5126 b10 += b9;
5127 b9 = rol64(b9, 17) ^ b10;
5128
5129 b0 += b15;
5130 b15 = rol64(b15, 5) ^ b0;
5131
5132 b2 += b11;
5133 b11 = rol64(b11, 20) ^ b2;
5134
5135 b6 += b13;
5136 b13 = rol64(b13, 48) ^ b6;
5137
5138 b4 += b9;
5139 b9 = rol64(b9, 41) ^ b4;
5140
5141 b14 += b1;
5142 b1 = rol64(b1, 47) ^ b14;
5143
5144 b8 += b5;
5145 b5 = rol64(b5, 28) ^ b8;
5146
5147 b10 += b3;
5148 b3 = rol64(b3, 16) ^ b10;
5149
5150 b12 += b7;
5151 b7 = rol64(b7, 25) ^ b12;
5152
5153 b1 += k1;
5154 b0 += b1 + k0;
5155 b1 = rol64(b1, 41) ^ b0;
5156
5157 b3 += k3;
5158 b2 += b3 + k2;
5159 b3 = rol64(b3, 9) ^ b2;
5160
5161 b5 += k5;
5162 b4 += b5 + k4;
5163 b5 = rol64(b5, 37) ^ b4;
5164
5165 b7 += k7;
5166 b6 += b7 + k6;
5167 b7 = rol64(b7, 31) ^ b6;
5168
5169 b9 += k9;
5170 b8 += b9 + k8;
5171 b9 = rol64(b9, 12) ^ b8;
5172
5173 b11 += k11;
5174 b10 += b11 + k10;
5175 b11 = rol64(b11, 47) ^ b10;
5176
5177 b13 += k13 + t2;
5178 b12 += b13 + k12;
5179 b13 = rol64(b13, 44) ^ b12;
5180
5181 b15 += k15 + 17;
5182 b14 += b15 + k14 + t0;
5183 b15 = rol64(b15, 30) ^ b14;
5184
5185 b0 += b9;
5186 b9 = rol64(b9, 16) ^ b0;
5187
5188 b2 += b13;
5189 b13 = rol64(b13, 34) ^ b2;
5190
5191 b6 += b11;
5192 b11 = rol64(b11, 56) ^ b6;
5193
5194 b4 += b15;
5195 b15 = rol64(b15, 51) ^ b4;
5196
5197 b10 += b7;
5198 b7 = rol64(b7, 4) ^ b10;
5199
5200 b12 += b3;
5201 b3 = rol64(b3, 53) ^ b12;
5202
5203 b14 += b5;
5204 b5 = rol64(b5, 42) ^ b14;
5205
5206 b8 += b1;
5207 b1 = rol64(b1, 41) ^ b8;
5208
5209 b0 += b7;
5210 b7 = rol64(b7, 31) ^ b0;
5211
5212 b2 += b5;
5213 b5 = rol64(b5, 44) ^ b2;
5214
5215 b4 += b3;
5216 b3 = rol64(b3, 47) ^ b4;
5217
5218 b6 += b1;
5219 b1 = rol64(b1, 46) ^ b6;
5220
5221 b12 += b15;
5222 b15 = rol64(b15, 19) ^ b12;
5223
5224 b14 += b13;
5225 b13 = rol64(b13, 42) ^ b14;
5226
5227 b8 += b11;
5228 b11 = rol64(b11, 44) ^ b8;
5229
5230 b10 += b9;
5231 b9 = rol64(b9, 25) ^ b10;
5232
5233 b0 += b15;
5234 b15 = rol64(b15, 9) ^ b0;
5235
5236 b2 += b11;
5237 b11 = rol64(b11, 48) ^ b2;
5238
5239 b6 += b13;
5240 b13 = rol64(b13, 35) ^ b6;
5241
5242 b4 += b9;
5243 b9 = rol64(b9, 52) ^ b4;
5244
5245 b14 += b1;
5246 b1 = rol64(b1, 23) ^ b14;
5247
5248 b8 += b5;
5249 b5 = rol64(b5, 31) ^ b8;
5250
5251 b10 += b3;
5252 b3 = rol64(b3, 37) ^ b10;
5253
5254 b12 += b7;
5255 b7 = rol64(b7, 20) ^ b12;
5256
5257 b1 += k2;
5258 b0 += b1 + k1;
5259 b1 = rol64(b1, 24) ^ b0;
5260
5261 b3 += k4;
5262 b2 += b3 + k3;
5263 b3 = rol64(b3, 13) ^ b2;
5264
5265 b5 += k6;
5266 b4 += b5 + k5;
5267 b5 = rol64(b5, 8) ^ b4;
5268
5269 b7 += k8;
5270 b6 += b7 + k7;
5271 b7 = rol64(b7, 47) ^ b6;
5272
5273 b9 += k10;
5274 b8 += b9 + k9;
5275 b9 = rol64(b9, 8) ^ b8;
5276
5277 b11 += k12;
5278 b10 += b11 + k11;
5279 b11 = rol64(b11, 17) ^ b10;
5280
5281 b13 += k14 + t0;
5282 b12 += b13 + k13;
5283 b13 = rol64(b13, 22) ^ b12;
5284
5285 b15 += k16 + 18;
5286 b14 += b15 + k15 + t1;
5287 b15 = rol64(b15, 37) ^ b14;
5288
5289 b0 += b9;
5290 b9 = rol64(b9, 38) ^ b0;
5291
5292 b2 += b13;
5293 b13 = rol64(b13, 19) ^ b2;
5294
5295 b6 += b11;
5296 b11 = rol64(b11, 10) ^ b6;
5297
5298 b4 += b15;
5299 b15 = rol64(b15, 55) ^ b4;
5300
5301 b10 += b7;
5302 b7 = rol64(b7, 49) ^ b10;
5303
5304 b12 += b3;
5305 b3 = rol64(b3, 18) ^ b12;
5306
5307 b14 += b5;
5308 b5 = rol64(b5, 23) ^ b14;
5309
5310 b8 += b1;
5311 b1 = rol64(b1, 52) ^ b8;
5312
5313 b0 += b7;
5314 b7 = rol64(b7, 33) ^ b0;
5315
5316 b2 += b5;
5317 b5 = rol64(b5, 4) ^ b2;
5318
5319 b4 += b3;
5320 b3 = rol64(b3, 51) ^ b4;
5321
5322 b6 += b1;
5323 b1 = rol64(b1, 13) ^ b6;
5324
5325 b12 += b15;
5326 b15 = rol64(b15, 34) ^ b12;
5327
5328 b14 += b13;
5329 b13 = rol64(b13, 41) ^ b14;
5330
5331 b8 += b11;
5332 b11 = rol64(b11, 59) ^ b8;
5333
5334 b10 += b9;
5335 b9 = rol64(b9, 17) ^ b10;
5336
5337 b0 += b15;
5338 b15 = rol64(b15, 5) ^ b0;
5339
5340 b2 += b11;
5341 b11 = rol64(b11, 20) ^ b2;
5342
5343 b6 += b13;
5344 b13 = rol64(b13, 48) ^ b6;
5345
5346 b4 += b9;
5347 b9 = rol64(b9, 41) ^ b4;
5348
5349 b14 += b1;
5350 b1 = rol64(b1, 47) ^ b14;
5351
5352 b8 += b5;
5353 b5 = rol64(b5, 28) ^ b8;
5354
5355 b10 += b3;
5356 b3 = rol64(b3, 16) ^ b10;
5357
5358 b12 += b7;
5359 b7 = rol64(b7, 25) ^ b12;
5360
5361 b1 += k3;
5362 b0 += b1 + k2;
5363 b1 = rol64(b1, 41) ^ b0;
5364
5365 b3 += k5;
5366 b2 += b3 + k4;
5367 b3 = rol64(b3, 9) ^ b2;
5368
5369 b5 += k7;
5370 b4 += b5 + k6;
5371 b5 = rol64(b5, 37) ^ b4;
5372
5373 b7 += k9;
5374 b6 += b7 + k8;
5375 b7 = rol64(b7, 31) ^ b6;
5376
5377 b9 += k11;
5378 b8 += b9 + k10;
5379 b9 = rol64(b9, 12) ^ b8;
5380
5381 b11 += k13;
5382 b10 += b11 + k12;
5383 b11 = rol64(b11, 47) ^ b10;
5384
5385 b13 += k15 + t1;
5386 b12 += b13 + k14;
5387 b13 = rol64(b13, 44) ^ b12;
5388
5389 b15 += k0 + 19;
5390 b14 += b15 + k16 + t2;
5391 b15 = rol64(b15, 30) ^ b14;
5392
5393 b0 += b9;
5394 b9 = rol64(b9, 16) ^ b0;
5395
5396 b2 += b13;
5397 b13 = rol64(b13, 34) ^ b2;
5398
5399 b6 += b11;
5400 b11 = rol64(b11, 56) ^ b6;
5401
5402 b4 += b15;
5403 b15 = rol64(b15, 51) ^ b4;
5404
5405 b10 += b7;
5406 b7 = rol64(b7, 4) ^ b10;
5407
5408 b12 += b3;
5409 b3 = rol64(b3, 53) ^ b12;
5410
5411 b14 += b5;
5412 b5 = rol64(b5, 42) ^ b14;
5413
5414 b8 += b1;
5415 b1 = rol64(b1, 41) ^ b8;
5416
5417 b0 += b7;
5418 b7 = rol64(b7, 31) ^ b0;
5419
5420 b2 += b5;
5421 b5 = rol64(b5, 44) ^ b2;
5422
5423 b4 += b3;
5424 b3 = rol64(b3, 47) ^ b4;
5425
5426 b6 += b1;
5427 b1 = rol64(b1, 46) ^ b6;
5428
5429 b12 += b15;
5430 b15 = rol64(b15, 19) ^ b12;
5431
5432 b14 += b13;
5433 b13 = rol64(b13, 42) ^ b14;
5434
5435 b8 += b11;
5436 b11 = rol64(b11, 44) ^ b8;
5437
5438 b10 += b9;
5439 b9 = rol64(b9, 25) ^ b10;
5440
5441 b0 += b15;
5442 b15 = rol64(b15, 9) ^ b0;
5443
5444 b2 += b11;
5445 b11 = rol64(b11, 48) ^ b2;
5446
5447 b6 += b13;
5448 b13 = rol64(b13, 35) ^ b6;
5449
5450 b4 += b9;
5451 b9 = rol64(b9, 52) ^ b4;
5452
5453 b14 += b1;
5454 b1 = rol64(b1, 23) ^ b14;
5455
5456 b8 += b5;
5457 b5 = rol64(b5, 31) ^ b8;
5458
5459 b10 += b3;
5460 b3 = rol64(b3, 37) ^ b10;
5461
5462 b12 += b7;
5463 b7 = rol64(b7, 20) ^ b12;
5464
5465 output[0] = b0 + k3;
5466 output[1] = b1 + k4;
5467 output[2] = b2 + k5;
5468 output[3] = b3 + k6;
5469 output[4] = b4 + k7;
5470 output[5] = b5 + k8;
5471 output[6] = b6 + k9;
5472 output[7] = b7 + k10;
5473 output[8] = b8 + k11;
5474 output[9] = b9 + k12;
5475 output[10] = b10 + k13;
5476 output[11] = b11 + k14;
5477 output[12] = b12 + k15;
5478 output[13] = b13 + k16 + t2;
5479 output[14] = b14 + k0 + t0;
5480 output[15] = b15 + k1 + 20;
5481 }
5482
5483 void threefish_decrypt_1024(struct threefish_key *key_ctx, u64 *input,
5484 u64 *output)
5485 {
5486 u64 b0 = input[0], b1 = input[1],
5487 b2 = input[2], b3 = input[3],
5488 b4 = input[4], b5 = input[5],
5489 b6 = input[6], b7 = input[7],
5490 b8 = input[8], b9 = input[9],
5491 b10 = input[10], b11 = input[11],
5492 b12 = input[12], b13 = input[13],
5493 b14 = input[14], b15 = input[15];
5494 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
5495 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
5496 k4 = key_ctx->key[4], k5 = key_ctx->key[5],
5497 k6 = key_ctx->key[6], k7 = key_ctx->key[7],
5498 k8 = key_ctx->key[8], k9 = key_ctx->key[9],
5499 k10 = key_ctx->key[10], k11 = key_ctx->key[11],
5500 k12 = key_ctx->key[12], k13 = key_ctx->key[13],
5501 k14 = key_ctx->key[14], k15 = key_ctx->key[15],
5502 k16 = key_ctx->key[16];
5503 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
5504 t2 = key_ctx->tweak[2];
5505 u64 tmp;
5506
5507 b0 -= k3;
5508 b1 -= k4;
5509 b2 -= k5;
5510 b3 -= k6;
5511 b4 -= k7;
5512 b5 -= k8;
5513 b6 -= k9;
5514 b7 -= k10;
5515 b8 -= k11;
5516 b9 -= k12;
5517 b10 -= k13;
5518 b11 -= k14;
5519 b12 -= k15;
5520 b13 -= k16 + t2;
5521 b14 -= k0 + t0;
5522 b15 -= k1 + 20;
5523 tmp = b7 ^ b12;
5524 b7 = (tmp >> 20) | (tmp << (64 - 20));
5525 b12 -= b7;
5526
5527 tmp = b3 ^ b10;
5528 b3 = (tmp >> 37) | (tmp << (64 - 37));
5529 b10 -= b3;
5530
5531 tmp = b5 ^ b8;
5532 b5 = (tmp >> 31) | (tmp << (64 - 31));
5533 b8 -= b5;
5534
5535 tmp = b1 ^ b14;
5536 b1 = (tmp >> 23) | (tmp << (64 - 23));
5537 b14 -= b1;
5538
5539 tmp = b9 ^ b4;
5540 b9 = (tmp >> 52) | (tmp << (64 - 52));
5541 b4 -= b9;
5542
5543 tmp = b13 ^ b6;
5544 b13 = (tmp >> 35) | (tmp << (64 - 35));
5545 b6 -= b13;
5546
5547 tmp = b11 ^ b2;
5548 b11 = (tmp >> 48) | (tmp << (64 - 48));
5549 b2 -= b11;
5550
5551 tmp = b15 ^ b0;
5552 b15 = (tmp >> 9) | (tmp << (64 - 9));
5553 b0 -= b15;
5554
5555 tmp = b9 ^ b10;
5556 b9 = (tmp >> 25) | (tmp << (64 - 25));
5557 b10 -= b9;
5558
5559 tmp = b11 ^ b8;
5560 b11 = (tmp >> 44) | (tmp << (64 - 44));
5561 b8 -= b11;
5562
5563 tmp = b13 ^ b14;
5564 b13 = (tmp >> 42) | (tmp << (64 - 42));
5565 b14 -= b13;
5566
5567 tmp = b15 ^ b12;
5568 b15 = (tmp >> 19) | (tmp << (64 - 19));
5569 b12 -= b15;
5570
5571 tmp = b1 ^ b6;
5572 b1 = (tmp >> 46) | (tmp << (64 - 46));
5573 b6 -= b1;
5574
5575 tmp = b3 ^ b4;
5576 b3 = (tmp >> 47) | (tmp << (64 - 47));
5577 b4 -= b3;
5578
5579 tmp = b5 ^ b2;
5580 b5 = (tmp >> 44) | (tmp << (64 - 44));
5581 b2 -= b5;
5582
5583 tmp = b7 ^ b0;
5584 b7 = (tmp >> 31) | (tmp << (64 - 31));
5585 b0 -= b7;
5586
5587 tmp = b1 ^ b8;
5588 b1 = (tmp >> 41) | (tmp << (64 - 41));
5589 b8 -= b1;
5590
5591 tmp = b5 ^ b14;
5592 b5 = (tmp >> 42) | (tmp << (64 - 42));
5593 b14 -= b5;
5594
5595 tmp = b3 ^ b12;
5596 b3 = (tmp >> 53) | (tmp << (64 - 53));
5597 b12 -= b3;
5598
5599 tmp = b7 ^ b10;
5600 b7 = (tmp >> 4) | (tmp << (64 - 4));
5601 b10 -= b7;
5602
5603 tmp = b15 ^ b4;
5604 b15 = (tmp >> 51) | (tmp << (64 - 51));
5605 b4 -= b15;
5606
5607 tmp = b11 ^ b6;
5608 b11 = (tmp >> 56) | (tmp << (64 - 56));
5609 b6 -= b11;
5610
5611 tmp = b13 ^ b2;
5612 b13 = (tmp >> 34) | (tmp << (64 - 34));
5613 b2 -= b13;
5614
5615 tmp = b9 ^ b0;
5616 b9 = (tmp >> 16) | (tmp << (64 - 16));
5617 b0 -= b9;
5618
5619 tmp = b15 ^ b14;
5620 b15 = (tmp >> 30) | (tmp << (64 - 30));
5621 b14 -= b15 + k16 + t2;
5622 b15 -= k0 + 19;
5623
5624 tmp = b13 ^ b12;
5625 b13 = (tmp >> 44) | (tmp << (64 - 44));
5626 b12 -= b13 + k14;
5627 b13 -= k15 + t1;
5628
5629 tmp = b11 ^ b10;
5630 b11 = (tmp >> 47) | (tmp << (64 - 47));
5631 b10 -= b11 + k12;
5632 b11 -= k13;
5633
5634 tmp = b9 ^ b8;
5635 b9 = (tmp >> 12) | (tmp << (64 - 12));
5636 b8 -= b9 + k10;
5637 b9 -= k11;
5638
5639 tmp = b7 ^ b6;
5640 b7 = (tmp >> 31) | (tmp << (64 - 31));
5641 b6 -= b7 + k8;
5642 b7 -= k9;
5643
5644 tmp = b5 ^ b4;
5645 b5 = (tmp >> 37) | (tmp << (64 - 37));
5646 b4 -= b5 + k6;
5647 b5 -= k7;
5648
5649 tmp = b3 ^ b2;
5650 b3 = (tmp >> 9) | (tmp << (64 - 9));
5651 b2 -= b3 + k4;
5652 b3 -= k5;
5653
5654 tmp = b1 ^ b0;
5655 b1 = (tmp >> 41) | (tmp << (64 - 41));
5656 b0 -= b1 + k2;
5657 b1 -= k3;
5658
5659 tmp = b7 ^ b12;
5660 b7 = (tmp >> 25) | (tmp << (64 - 25));
5661 b12 -= b7;
5662
5663 tmp = b3 ^ b10;
5664 b3 = (tmp >> 16) | (tmp << (64 - 16));
5665 b10 -= b3;
5666
5667 tmp = b5 ^ b8;
5668 b5 = (tmp >> 28) | (tmp << (64 - 28));
5669 b8 -= b5;
5670
5671 tmp = b1 ^ b14;
5672 b1 = (tmp >> 47) | (tmp << (64 - 47));
5673 b14 -= b1;
5674
5675 tmp = b9 ^ b4;
5676 b9 = (tmp >> 41) | (tmp << (64 - 41));
5677 b4 -= b9;
5678
5679 tmp = b13 ^ b6;
5680 b13 = (tmp >> 48) | (tmp << (64 - 48));
5681 b6 -= b13;
5682
5683 tmp = b11 ^ b2;
5684 b11 = (tmp >> 20) | (tmp << (64 - 20));
5685 b2 -= b11;
5686
5687 tmp = b15 ^ b0;
5688 b15 = (tmp >> 5) | (tmp << (64 - 5));
5689 b0 -= b15;
5690
5691 tmp = b9 ^ b10;
5692 b9 = (tmp >> 17) | (tmp << (64 - 17));
5693 b10 -= b9;
5694
5695 tmp = b11 ^ b8;
5696 b11 = (tmp >> 59) | (tmp << (64 - 59));
5697 b8 -= b11;
5698
5699 tmp = b13 ^ b14;
5700 b13 = (tmp >> 41) | (tmp << (64 - 41));
5701 b14 -= b13;
5702
5703 tmp = b15 ^ b12;
5704 b15 = (tmp >> 34) | (tmp << (64 - 34));
5705 b12 -= b15;
5706
5707 tmp = b1 ^ b6;
5708 b1 = (tmp >> 13) | (tmp << (64 - 13));
5709 b6 -= b1;
5710
5711 tmp = b3 ^ b4;
5712 b3 = (tmp >> 51) | (tmp << (64 - 51));
5713 b4 -= b3;
5714
5715 tmp = b5 ^ b2;
5716 b5 = (tmp >> 4) | (tmp << (64 - 4));
5717 b2 -= b5;
5718
5719 tmp = b7 ^ b0;
5720 b7 = (tmp >> 33) | (tmp << (64 - 33));
5721 b0 -= b7;
5722
5723 tmp = b1 ^ b8;
5724 b1 = (tmp >> 52) | (tmp << (64 - 52));
5725 b8 -= b1;
5726
5727 tmp = b5 ^ b14;
5728 b5 = (tmp >> 23) | (tmp << (64 - 23));
5729 b14 -= b5;
5730
5731 tmp = b3 ^ b12;
5732 b3 = (tmp >> 18) | (tmp << (64 - 18));
5733 b12 -= b3;
5734
5735 tmp = b7 ^ b10;
5736 b7 = (tmp >> 49) | (tmp << (64 - 49));
5737 b10 -= b7;
5738
5739 tmp = b15 ^ b4;
5740 b15 = (tmp >> 55) | (tmp << (64 - 55));
5741 b4 -= b15;
5742
5743 tmp = b11 ^ b6;
5744 b11 = (tmp >> 10) | (tmp << (64 - 10));
5745 b6 -= b11;
5746
5747 tmp = b13 ^ b2;
5748 b13 = (tmp >> 19) | (tmp << (64 - 19));
5749 b2 -= b13;
5750
5751 tmp = b9 ^ b0;
5752 b9 = (tmp >> 38) | (tmp << (64 - 38));
5753 b0 -= b9;
5754
5755 tmp = b15 ^ b14;
5756 b15 = (tmp >> 37) | (tmp << (64 - 37));
5757 b14 -= b15 + k15 + t1;
5758 b15 -= k16 + 18;
5759
5760 tmp = b13 ^ b12;
5761 b13 = (tmp >> 22) | (tmp << (64 - 22));
5762 b12 -= b13 + k13;
5763 b13 -= k14 + t0;
5764
5765 tmp = b11 ^ b10;
5766 b11 = (tmp >> 17) | (tmp << (64 - 17));
5767 b10 -= b11 + k11;
5768 b11 -= k12;
5769
5770 tmp = b9 ^ b8;
5771 b9 = (tmp >> 8) | (tmp << (64 - 8));
5772 b8 -= b9 + k9;
5773 b9 -= k10;
5774
5775 tmp = b7 ^ b6;
5776 b7 = (tmp >> 47) | (tmp << (64 - 47));
5777 b6 -= b7 + k7;
5778 b7 -= k8;
5779
5780 tmp = b5 ^ b4;
5781 b5 = (tmp >> 8) | (tmp << (64 - 8));
5782 b4 -= b5 + k5;
5783 b5 -= k6;
5784
5785 tmp = b3 ^ b2;
5786 b3 = (tmp >> 13) | (tmp << (64 - 13));
5787 b2 -= b3 + k3;
5788 b3 -= k4;
5789
5790 tmp = b1 ^ b0;
5791 b1 = (tmp >> 24) | (tmp << (64 - 24));
5792 b0 -= b1 + k1;
5793 b1 -= k2;
5794
5795 tmp = b7 ^ b12;
5796 b7 = (tmp >> 20) | (tmp << (64 - 20));
5797 b12 -= b7;
5798
5799 tmp = b3 ^ b10;
5800 b3 = (tmp >> 37) | (tmp << (64 - 37));
5801 b10 -= b3;
5802
5803 tmp = b5 ^ b8;
5804 b5 = (tmp >> 31) | (tmp << (64 - 31));
5805 b8 -= b5;
5806
5807 tmp = b1 ^ b14;
5808 b1 = (tmp >> 23) | (tmp << (64 - 23));
5809 b14 -= b1;
5810
5811 tmp = b9 ^ b4;
5812 b9 = (tmp >> 52) | (tmp << (64 - 52));
5813 b4 -= b9;
5814
5815 tmp = b13 ^ b6;
5816 b13 = (tmp >> 35) | (tmp << (64 - 35));
5817 b6 -= b13;
5818
5819 tmp = b11 ^ b2;
5820 b11 = (tmp >> 48) | (tmp << (64 - 48));
5821 b2 -= b11;
5822
5823 tmp = b15 ^ b0;
5824 b15 = (tmp >> 9) | (tmp << (64 - 9));
5825 b0 -= b15;
5826
5827 tmp = b9 ^ b10;
5828 b9 = (tmp >> 25) | (tmp << (64 - 25));
5829 b10 -= b9;
5830
5831 tmp = b11 ^ b8;
5832 b11 = (tmp >> 44) | (tmp << (64 - 44));
5833 b8 -= b11;
5834
5835 tmp = b13 ^ b14;
5836 b13 = (tmp >> 42) | (tmp << (64 - 42));
5837 b14 -= b13;
5838
5839 tmp = b15 ^ b12;
5840 b15 = (tmp >> 19) | (tmp << (64 - 19));
5841 b12 -= b15;
5842
5843 tmp = b1 ^ b6;
5844 b1 = (tmp >> 46) | (tmp << (64 - 46));
5845 b6 -= b1;
5846
5847 tmp = b3 ^ b4;
5848 b3 = (tmp >> 47) | (tmp << (64 - 47));
5849 b4 -= b3;
5850
5851 tmp = b5 ^ b2;
5852 b5 = (tmp >> 44) | (tmp << (64 - 44));
5853 b2 -= b5;
5854
5855 tmp = b7 ^ b0;
5856 b7 = (tmp >> 31) | (tmp << (64 - 31));
5857 b0 -= b7;
5858
5859 tmp = b1 ^ b8;
5860 b1 = (tmp >> 41) | (tmp << (64 - 41));
5861 b8 -= b1;
5862
5863 tmp = b5 ^ b14;
5864 b5 = (tmp >> 42) | (tmp << (64 - 42));
5865 b14 -= b5;
5866
5867 tmp = b3 ^ b12;
5868 b3 = (tmp >> 53) | (tmp << (64 - 53));
5869 b12 -= b3;
5870
5871 tmp = b7 ^ b10;
5872 b7 = (tmp >> 4) | (tmp << (64 - 4));
5873 b10 -= b7;
5874
5875 tmp = b15 ^ b4;
5876 b15 = (tmp >> 51) | (tmp << (64 - 51));
5877 b4 -= b15;
5878
5879 tmp = b11 ^ b6;
5880 b11 = (tmp >> 56) | (tmp << (64 - 56));
5881 b6 -= b11;
5882
5883 tmp = b13 ^ b2;
5884 b13 = (tmp >> 34) | (tmp << (64 - 34));
5885 b2 -= b13;
5886
5887 tmp = b9 ^ b0;
5888 b9 = (tmp >> 16) | (tmp << (64 - 16));
5889 b0 -= b9;
5890
5891 tmp = b15 ^ b14;
5892 b15 = (tmp >> 30) | (tmp << (64 - 30));
5893 b14 -= b15 + k14 + t0;
5894 b15 -= k15 + 17;
5895
5896 tmp = b13 ^ b12;
5897 b13 = (tmp >> 44) | (tmp << (64 - 44));
5898 b12 -= b13 + k12;
5899 b13 -= k13 + t2;
5900
5901 tmp = b11 ^ b10;
5902 b11 = (tmp >> 47) | (tmp << (64 - 47));
5903 b10 -= b11 + k10;
5904 b11 -= k11;
5905
5906 tmp = b9 ^ b8;
5907 b9 = (tmp >> 12) | (tmp << (64 - 12));
5908 b8 -= b9 + k8;
5909 b9 -= k9;
5910
5911 tmp = b7 ^ b6;
5912 b7 = (tmp >> 31) | (tmp << (64 - 31));
5913 b6 -= b7 + k6;
5914 b7 -= k7;
5915
5916 tmp = b5 ^ b4;
5917 b5 = (tmp >> 37) | (tmp << (64 - 37));
5918 b4 -= b5 + k4;
5919 b5 -= k5;
5920
5921 tmp = b3 ^ b2;
5922 b3 = (tmp >> 9) | (tmp << (64 - 9));
5923 b2 -= b3 + k2;
5924 b3 -= k3;
5925
5926 tmp = b1 ^ b0;
5927 b1 = (tmp >> 41) | (tmp << (64 - 41));
5928 b0 -= b1 + k0;
5929 b1 -= k1;
5930
5931 tmp = b7 ^ b12;
5932 b7 = (tmp >> 25) | (tmp << (64 - 25));
5933 b12 -= b7;
5934
5935 tmp = b3 ^ b10;
5936 b3 = (tmp >> 16) | (tmp << (64 - 16));
5937 b10 -= b3;
5938
5939 tmp = b5 ^ b8;
5940 b5 = (tmp >> 28) | (tmp << (64 - 28));
5941 b8 -= b5;
5942
5943 tmp = b1 ^ b14;
5944 b1 = (tmp >> 47) | (tmp << (64 - 47));
5945 b14 -= b1;
5946
5947 tmp = b9 ^ b4;
5948 b9 = (tmp >> 41) | (tmp << (64 - 41));
5949 b4 -= b9;
5950
5951 tmp = b13 ^ b6;
5952 b13 = (tmp >> 48) | (tmp << (64 - 48));
5953 b6 -= b13;
5954
5955 tmp = b11 ^ b2;
5956 b11 = (tmp >> 20) | (tmp << (64 - 20));
5957 b2 -= b11;
5958
5959 tmp = b15 ^ b0;
5960 b15 = (tmp >> 5) | (tmp << (64 - 5));
5961 b0 -= b15;
5962
5963 tmp = b9 ^ b10;
5964 b9 = (tmp >> 17) | (tmp << (64 - 17));
5965 b10 -= b9;
5966
5967 tmp = b11 ^ b8;
5968 b11 = (tmp >> 59) | (tmp << (64 - 59));
5969 b8 -= b11;
5970
5971 tmp = b13 ^ b14;
5972 b13 = (tmp >> 41) | (tmp << (64 - 41));
5973 b14 -= b13;
5974
5975 tmp = b15 ^ b12;
5976 b15 = (tmp >> 34) | (tmp << (64 - 34));
5977 b12 -= b15;
5978
5979 tmp = b1 ^ b6;
5980 b1 = (tmp >> 13) | (tmp << (64 - 13));
5981 b6 -= b1;
5982
5983 tmp = b3 ^ b4;
5984 b3 = (tmp >> 51) | (tmp << (64 - 51));
5985 b4 -= b3;
5986
5987 tmp = b5 ^ b2;
5988 b5 = (tmp >> 4) | (tmp << (64 - 4));
5989 b2 -= b5;
5990
5991 tmp = b7 ^ b0;
5992 b7 = (tmp >> 33) | (tmp << (64 - 33));
5993 b0 -= b7;
5994
5995 tmp = b1 ^ b8;
5996 b1 = (tmp >> 52) | (tmp << (64 - 52));
5997 b8 -= b1;
5998
5999 tmp = b5 ^ b14;
6000 b5 = (tmp >> 23) | (tmp << (64 - 23));
6001 b14 -= b5;
6002
6003 tmp = b3 ^ b12;
6004 b3 = (tmp >> 18) | (tmp << (64 - 18));
6005 b12 -= b3;
6006
6007 tmp = b7 ^ b10;
6008 b7 = (tmp >> 49) | (tmp << (64 - 49));
6009 b10 -= b7;
6010
6011 tmp = b15 ^ b4;
6012 b15 = (tmp >> 55) | (tmp << (64 - 55));
6013 b4 -= b15;
6014
6015 tmp = b11 ^ b6;
6016 b11 = (tmp >> 10) | (tmp << (64 - 10));
6017 b6 -= b11;
6018
6019 tmp = b13 ^ b2;
6020 b13 = (tmp >> 19) | (tmp << (64 - 19));
6021 b2 -= b13;
6022
6023 tmp = b9 ^ b0;
6024 b9 = (tmp >> 38) | (tmp << (64 - 38));
6025 b0 -= b9;
6026
6027 tmp = b15 ^ b14;
6028 b15 = (tmp >> 37) | (tmp << (64 - 37));
6029 b14 -= b15 + k13 + t2;
6030 b15 -= k14 + 16;
6031
6032 tmp = b13 ^ b12;
6033 b13 = (tmp >> 22) | (tmp << (64 - 22));
6034 b12 -= b13 + k11;
6035 b13 -= k12 + t1;
6036
6037 tmp = b11 ^ b10;
6038 b11 = (tmp >> 17) | (tmp << (64 - 17));
6039 b10 -= b11 + k9;
6040 b11 -= k10;
6041
6042 tmp = b9 ^ b8;
6043 b9 = (tmp >> 8) | (tmp << (64 - 8));
6044 b8 -= b9 + k7;
6045 b9 -= k8;
6046
6047 tmp = b7 ^ b6;
6048 b7 = (tmp >> 47) | (tmp << (64 - 47));
6049 b6 -= b7 + k5;
6050 b7 -= k6;
6051
6052 tmp = b5 ^ b4;
6053 b5 = (tmp >> 8) | (tmp << (64 - 8));
6054 b4 -= b5 + k3;
6055 b5 -= k4;
6056
6057 tmp = b3 ^ b2;
6058 b3 = (tmp >> 13) | (tmp << (64 - 13));
6059 b2 -= b3 + k1;
6060 b3 -= k2;
6061
6062 tmp = b1 ^ b0;
6063 b1 = (tmp >> 24) | (tmp << (64 - 24));
6064 b0 -= b1 + k16;
6065 b1 -= k0;
6066
6067 tmp = b7 ^ b12;
6068 b7 = (tmp >> 20) | (tmp << (64 - 20));
6069 b12 -= b7;
6070
6071 tmp = b3 ^ b10;
6072 b3 = (tmp >> 37) | (tmp << (64 - 37));
6073 b10 -= b3;
6074
6075 tmp = b5 ^ b8;
6076 b5 = (tmp >> 31) | (tmp << (64 - 31));
6077 b8 -= b5;
6078
6079 tmp = b1 ^ b14;
6080 b1 = (tmp >> 23) | (tmp << (64 - 23));
6081 b14 -= b1;
6082
6083 tmp = b9 ^ b4;
6084 b9 = (tmp >> 52) | (tmp << (64 - 52));
6085 b4 -= b9;
6086
6087 tmp = b13 ^ b6;
6088 b13 = (tmp >> 35) | (tmp << (64 - 35));
6089 b6 -= b13;
6090
6091 tmp = b11 ^ b2;
6092 b11 = (tmp >> 48) | (tmp << (64 - 48));
6093 b2 -= b11;
6094
6095 tmp = b15 ^ b0;
6096 b15 = (tmp >> 9) | (tmp << (64 - 9));
6097 b0 -= b15;
6098
6099 tmp = b9 ^ b10;
6100 b9 = (tmp >> 25) | (tmp << (64 - 25));
6101 b10 -= b9;
6102
6103 tmp = b11 ^ b8;
6104 b11 = (tmp >> 44) | (tmp << (64 - 44));
6105 b8 -= b11;
6106
6107 tmp = b13 ^ b14;
6108 b13 = (tmp >> 42) | (tmp << (64 - 42));
6109 b14 -= b13;
6110
6111 tmp = b15 ^ b12;
6112 b15 = (tmp >> 19) | (tmp << (64 - 19));
6113 b12 -= b15;
6114
6115 tmp = b1 ^ b6;
6116 b1 = (tmp >> 46) | (tmp << (64 - 46));
6117 b6 -= b1;
6118
6119 tmp = b3 ^ b4;
6120 b3 = (tmp >> 47) | (tmp << (64 - 47));
6121 b4 -= b3;
6122
6123 tmp = b5 ^ b2;
6124 b5 = (tmp >> 44) | (tmp << (64 - 44));
6125 b2 -= b5;
6126
6127 tmp = b7 ^ b0;
6128 b7 = (tmp >> 31) | (tmp << (64 - 31));
6129 b0 -= b7;
6130
6131 tmp = b1 ^ b8;
6132 b1 = (tmp >> 41) | (tmp << (64 - 41));
6133 b8 -= b1;
6134
6135 tmp = b5 ^ b14;
6136 b5 = (tmp >> 42) | (tmp << (64 - 42));
6137 b14 -= b5;
6138
6139 tmp = b3 ^ b12;
6140 b3 = (tmp >> 53) | (tmp << (64 - 53));
6141 b12 -= b3;
6142
6143 tmp = b7 ^ b10;
6144 b7 = (tmp >> 4) | (tmp << (64 - 4));
6145 b10 -= b7;
6146
6147 tmp = b15 ^ b4;
6148 b15 = (tmp >> 51) | (tmp << (64 - 51));
6149 b4 -= b15;
6150
6151 tmp = b11 ^ b6;
6152 b11 = (tmp >> 56) | (tmp << (64 - 56));
6153 b6 -= b11;
6154
6155 tmp = b13 ^ b2;
6156 b13 = (tmp >> 34) | (tmp << (64 - 34));
6157 b2 -= b13;
6158
6159 tmp = b9 ^ b0;
6160 b9 = (tmp >> 16) | (tmp << (64 - 16));
6161 b0 -= b9;
6162
6163 tmp = b15 ^ b14;
6164 b15 = (tmp >> 30) | (tmp << (64 - 30));
6165 b14 -= b15 + k12 + t1;
6166 b15 -= k13 + 15;
6167
6168 tmp = b13 ^ b12;
6169 b13 = (tmp >> 44) | (tmp << (64 - 44));
6170 b12 -= b13 + k10;
6171 b13 -= k11 + t0;
6172
6173 tmp = b11 ^ b10;
6174 b11 = (tmp >> 47) | (tmp << (64 - 47));
6175 b10 -= b11 + k8;
6176 b11 -= k9;
6177
6178 tmp = b9 ^ b8;
6179 b9 = (tmp >> 12) | (tmp << (64 - 12));
6180 b8 -= b9 + k6;
6181 b9 -= k7;
6182
6183 tmp = b7 ^ b6;
6184 b7 = (tmp >> 31) | (tmp << (64 - 31));
6185 b6 -= b7 + k4;
6186 b7 -= k5;
6187
6188 tmp = b5 ^ b4;
6189 b5 = (tmp >> 37) | (tmp << (64 - 37));
6190 b4 -= b5 + k2;
6191 b5 -= k3;
6192
6193 tmp = b3 ^ b2;
6194 b3 = (tmp >> 9) | (tmp << (64 - 9));
6195 b2 -= b3 + k0;
6196 b3 -= k1;
6197
6198 tmp = b1 ^ b0;
6199 b1 = (tmp >> 41) | (tmp << (64 - 41));
6200 b0 -= b1 + k15;
6201 b1 -= k16;
6202
6203 tmp = b7 ^ b12;
6204 b7 = (tmp >> 25) | (tmp << (64 - 25));
6205 b12 -= b7;
6206
6207 tmp = b3 ^ b10;
6208 b3 = (tmp >> 16) | (tmp << (64 - 16));
6209 b10 -= b3;
6210
6211 tmp = b5 ^ b8;
6212 b5 = (tmp >> 28) | (tmp << (64 - 28));
6213 b8 -= b5;
6214
6215 tmp = b1 ^ b14;
6216 b1 = (tmp >> 47) | (tmp << (64 - 47));
6217 b14 -= b1;
6218
6219 tmp = b9 ^ b4;
6220 b9 = (tmp >> 41) | (tmp << (64 - 41));
6221 b4 -= b9;
6222
6223 tmp = b13 ^ b6;
6224 b13 = (tmp >> 48) | (tmp << (64 - 48));
6225 b6 -= b13;
6226
6227 tmp = b11 ^ b2;
6228 b11 = (tmp >> 20) | (tmp << (64 - 20));
6229 b2 -= b11;
6230
6231 tmp = b15 ^ b0;
6232 b15 = (tmp >> 5) | (tmp << (64 - 5));
6233 b0 -= b15;
6234
6235 tmp = b9 ^ b10;
6236 b9 = (tmp >> 17) | (tmp << (64 - 17));
6237 b10 -= b9;
6238
6239 tmp = b11 ^ b8;
6240 b11 = (tmp >> 59) | (tmp << (64 - 59));
6241 b8 -= b11;
6242
6243 tmp = b13 ^ b14;
6244 b13 = (tmp >> 41) | (tmp << (64 - 41));
6245 b14 -= b13;
6246
6247 tmp = b15 ^ b12;
6248 b15 = (tmp >> 34) | (tmp << (64 - 34));
6249 b12 -= b15;
6250
6251 tmp = b1 ^ b6;
6252 b1 = (tmp >> 13) | (tmp << (64 - 13));
6253 b6 -= b1;
6254
6255 tmp = b3 ^ b4;
6256 b3 = (tmp >> 51) | (tmp << (64 - 51));
6257 b4 -= b3;
6258
6259 tmp = b5 ^ b2;
6260 b5 = (tmp >> 4) | (tmp << (64 - 4));
6261 b2 -= b5;
6262
6263 tmp = b7 ^ b0;
6264 b7 = (tmp >> 33) | (tmp << (64 - 33));
6265 b0 -= b7;
6266
6267 tmp = b1 ^ b8;
6268 b1 = (tmp >> 52) | (tmp << (64 - 52));
6269 b8 -= b1;
6270
6271 tmp = b5 ^ b14;
6272 b5 = (tmp >> 23) | (tmp << (64 - 23));
6273 b14 -= b5;
6274
6275 tmp = b3 ^ b12;
6276 b3 = (tmp >> 18) | (tmp << (64 - 18));
6277 b12 -= b3;
6278
6279 tmp = b7 ^ b10;
6280 b7 = (tmp >> 49) | (tmp << (64 - 49));
6281 b10 -= b7;
6282
6283 tmp = b15 ^ b4;
6284 b15 = (tmp >> 55) | (tmp << (64 - 55));
6285 b4 -= b15;
6286
6287 tmp = b11 ^ b6;
6288 b11 = (tmp >> 10) | (tmp << (64 - 10));
6289 b6 -= b11;
6290
6291 tmp = b13 ^ b2;
6292 b13 = (tmp >> 19) | (tmp << (64 - 19));
6293 b2 -= b13;
6294
6295 tmp = b9 ^ b0;
6296 b9 = (tmp >> 38) | (tmp << (64 - 38));
6297 b0 -= b9;
6298
6299 tmp = b15 ^ b14;
6300 b15 = (tmp >> 37) | (tmp << (64 - 37));
6301 b14 -= b15 + k11 + t0;
6302 b15 -= k12 + 14;
6303
6304 tmp = b13 ^ b12;
6305 b13 = (tmp >> 22) | (tmp << (64 - 22));
6306 b12 -= b13 + k9;
6307 b13 -= k10 + t2;
6308
6309 tmp = b11 ^ b10;
6310 b11 = (tmp >> 17) | (tmp << (64 - 17));
6311 b10 -= b11 + k7;
6312 b11 -= k8;
6313
6314 tmp = b9 ^ b8;
6315 b9 = (tmp >> 8) | (tmp << (64 - 8));
6316 b8 -= b9 + k5;
6317 b9 -= k6;
6318
6319 tmp = b7 ^ b6;
6320 b7 = (tmp >> 47) | (tmp << (64 - 47));
6321 b6 -= b7 + k3;
6322 b7 -= k4;
6323
6324 tmp = b5 ^ b4;
6325 b5 = (tmp >> 8) | (tmp << (64 - 8));
6326 b4 -= b5 + k1;
6327 b5 -= k2;
6328
6329 tmp = b3 ^ b2;
6330 b3 = (tmp >> 13) | (tmp << (64 - 13));
6331 b2 -= b3 + k16;
6332 b3 -= k0;
6333
6334 tmp = b1 ^ b0;
6335 b1 = (tmp >> 24) | (tmp << (64 - 24));
6336 b0 -= b1 + k14;
6337 b1 -= k15;
6338
6339 tmp = b7 ^ b12;
6340 b7 = (tmp >> 20) | (tmp << (64 - 20));
6341 b12 -= b7;
6342
6343 tmp = b3 ^ b10;
6344 b3 = (tmp >> 37) | (tmp << (64 - 37));
6345 b10 -= b3;
6346
6347 tmp = b5 ^ b8;
6348 b5 = (tmp >> 31) | (tmp << (64 - 31));
6349 b8 -= b5;
6350
6351 tmp = b1 ^ b14;
6352 b1 = (tmp >> 23) | (tmp << (64 - 23));
6353 b14 -= b1;
6354
6355 tmp = b9 ^ b4;
6356 b9 = (tmp >> 52) | (tmp << (64 - 52));
6357 b4 -= b9;
6358
6359 tmp = b13 ^ b6;
6360 b13 = (tmp >> 35) | (tmp << (64 - 35));
6361 b6 -= b13;
6362
6363 tmp = b11 ^ b2;
6364 b11 = (tmp >> 48) | (tmp << (64 - 48));
6365 b2 -= b11;
6366
6367 tmp = b15 ^ b0;
6368 b15 = (tmp >> 9) | (tmp << (64 - 9));
6369 b0 -= b15;
6370
6371 tmp = b9 ^ b10;
6372 b9 = (tmp >> 25) | (tmp << (64 - 25));
6373 b10 -= b9;
6374
6375 tmp = b11 ^ b8;
6376 b11 = (tmp >> 44) | (tmp << (64 - 44));
6377 b8 -= b11;
6378
6379 tmp = b13 ^ b14;
6380 b13 = (tmp >> 42) | (tmp << (64 - 42));
6381 b14 -= b13;
6382
6383 tmp = b15 ^ b12;
6384 b15 = (tmp >> 19) | (tmp << (64 - 19));
6385 b12 -= b15;
6386
6387 tmp = b1 ^ b6;
6388 b1 = (tmp >> 46) | (tmp << (64 - 46));
6389 b6 -= b1;
6390
6391 tmp = b3 ^ b4;
6392 b3 = (tmp >> 47) | (tmp << (64 - 47));
6393 b4 -= b3;
6394
6395 tmp = b5 ^ b2;
6396 b5 = (tmp >> 44) | (tmp << (64 - 44));
6397 b2 -= b5;
6398
6399 tmp = b7 ^ b0;
6400 b7 = (tmp >> 31) | (tmp << (64 - 31));
6401 b0 -= b7;
6402
6403 tmp = b1 ^ b8;
6404 b1 = (tmp >> 41) | (tmp << (64 - 41));
6405 b8 -= b1;
6406
6407 tmp = b5 ^ b14;
6408 b5 = (tmp >> 42) | (tmp << (64 - 42));
6409 b14 -= b5;
6410
6411 tmp = b3 ^ b12;
6412 b3 = (tmp >> 53) | (tmp << (64 - 53));
6413 b12 -= b3;
6414
6415 tmp = b7 ^ b10;
6416 b7 = (tmp >> 4) | (tmp << (64 - 4));
6417 b10 -= b7;
6418
6419 tmp = b15 ^ b4;
6420 b15 = (tmp >> 51) | (tmp << (64 - 51));
6421 b4 -= b15;
6422
6423 tmp = b11 ^ b6;
6424 b11 = (tmp >> 56) | (tmp << (64 - 56));
6425 b6 -= b11;
6426
6427 tmp = b13 ^ b2;
6428 b13 = (tmp >> 34) | (tmp << (64 - 34));
6429 b2 -= b13;
6430
6431 tmp = b9 ^ b0;
6432 b9 = (tmp >> 16) | (tmp << (64 - 16));
6433 b0 -= b9;
6434
6435 tmp = b15 ^ b14;
6436 b15 = (tmp >> 30) | (tmp << (64 - 30));
6437 b14 -= b15 + k10 + t2;
6438 b15 -= k11 + 13;
6439
6440 tmp = b13 ^ b12;
6441 b13 = (tmp >> 44) | (tmp << (64 - 44));
6442 b12 -= b13 + k8;
6443 b13 -= k9 + t1;
6444
6445 tmp = b11 ^ b10;
6446 b11 = (tmp >> 47) | (tmp << (64 - 47));
6447 b10 -= b11 + k6;
6448 b11 -= k7;
6449
6450 tmp = b9 ^ b8;
6451 b9 = (tmp >> 12) | (tmp << (64 - 12));
6452 b8 -= b9 + k4;
6453 b9 -= k5;
6454
6455 tmp = b7 ^ b6;
6456 b7 = (tmp >> 31) | (tmp << (64 - 31));
6457 b6 -= b7 + k2;
6458 b7 -= k3;
6459
6460 tmp = b5 ^ b4;
6461 b5 = (tmp >> 37) | (tmp << (64 - 37));
6462 b4 -= b5 + k0;
6463 b5 -= k1;
6464
6465 tmp = b3 ^ b2;
6466 b3 = (tmp >> 9) | (tmp << (64 - 9));
6467 b2 -= b3 + k15;
6468 b3 -= k16;
6469
6470 tmp = b1 ^ b0;
6471 b1 = (tmp >> 41) | (tmp << (64 - 41));
6472 b0 -= b1 + k13;
6473 b1 -= k14;
6474
6475 tmp = b7 ^ b12;
6476 b7 = (tmp >> 25) | (tmp << (64 - 25));
6477 b12 -= b7;
6478
6479 tmp = b3 ^ b10;
6480 b3 = (tmp >> 16) | (tmp << (64 - 16));
6481 b10 -= b3;
6482
6483 tmp = b5 ^ b8;
6484 b5 = (tmp >> 28) | (tmp << (64 - 28));
6485 b8 -= b5;
6486
6487 tmp = b1 ^ b14;
6488 b1 = (tmp >> 47) | (tmp << (64 - 47));
6489 b14 -= b1;
6490
6491 tmp = b9 ^ b4;
6492 b9 = (tmp >> 41) | (tmp << (64 - 41));
6493 b4 -= b9;
6494
6495 tmp = b13 ^ b6;
6496 b13 = (tmp >> 48) | (tmp << (64 - 48));
6497 b6 -= b13;
6498
6499 tmp = b11 ^ b2;
6500 b11 = (tmp >> 20) | (tmp << (64 - 20));
6501 b2 -= b11;
6502
6503 tmp = b15 ^ b0;
6504 b15 = (tmp >> 5) | (tmp << (64 - 5));
6505 b0 -= b15;
6506
6507 tmp = b9 ^ b10;
6508 b9 = (tmp >> 17) | (tmp << (64 - 17));
6509 b10 -= b9;
6510
6511 tmp = b11 ^ b8;
6512 b11 = (tmp >> 59) | (tmp << (64 - 59));
6513 b8 -= b11;
6514
6515 tmp = b13 ^ b14;
6516 b13 = (tmp >> 41) | (tmp << (64 - 41));
6517 b14 -= b13;
6518
6519 tmp = b15 ^ b12;
6520 b15 = (tmp >> 34) | (tmp << (64 - 34));
6521 b12 -= b15;
6522
6523 tmp = b1 ^ b6;
6524 b1 = (tmp >> 13) | (tmp << (64 - 13));
6525 b6 -= b1;
6526
6527 tmp = b3 ^ b4;
6528 b3 = (tmp >> 51) | (tmp << (64 - 51));
6529 b4 -= b3;
6530
6531 tmp = b5 ^ b2;
6532 b5 = (tmp >> 4) | (tmp << (64 - 4));
6533 b2 -= b5;
6534
6535 tmp = b7 ^ b0;
6536 b7 = (tmp >> 33) | (tmp << (64 - 33));
6537 b0 -= b7;
6538
6539 tmp = b1 ^ b8;
6540 b1 = (tmp >> 52) | (tmp << (64 - 52));
6541 b8 -= b1;
6542
6543 tmp = b5 ^ b14;
6544 b5 = (tmp >> 23) | (tmp << (64 - 23));
6545 b14 -= b5;
6546
6547 tmp = b3 ^ b12;
6548 b3 = (tmp >> 18) | (tmp << (64 - 18));
6549 b12 -= b3;
6550
6551 tmp = b7 ^ b10;
6552 b7 = (tmp >> 49) | (tmp << (64 - 49));
6553 b10 -= b7;
6554
6555 tmp = b15 ^ b4;
6556 b15 = (tmp >> 55) | (tmp << (64 - 55));
6557 b4 -= b15;
6558
6559 tmp = b11 ^ b6;
6560 b11 = (tmp >> 10) | (tmp << (64 - 10));
6561 b6 -= b11;
6562
6563 tmp = b13 ^ b2;
6564 b13 = (tmp >> 19) | (tmp << (64 - 19));
6565 b2 -= b13;
6566
6567 tmp = b9 ^ b0;
6568 b9 = (tmp >> 38) | (tmp << (64 - 38));
6569 b0 -= b9;
6570
6571 tmp = b15 ^ b14;
6572 b15 = (tmp >> 37) | (tmp << (64 - 37));
6573 b14 -= b15 + k9 + t1;
6574 b15 -= k10 + 12;
6575
6576 tmp = b13 ^ b12;
6577 b13 = (tmp >> 22) | (tmp << (64 - 22));
6578 b12 -= b13 + k7;
6579 b13 -= k8 + t0;
6580
6581 tmp = b11 ^ b10;
6582 b11 = (tmp >> 17) | (tmp << (64 - 17));
6583 b10 -= b11 + k5;
6584 b11 -= k6;
6585
6586 tmp = b9 ^ b8;
6587 b9 = (tmp >> 8) | (tmp << (64 - 8));
6588 b8 -= b9 + k3;
6589 b9 -= k4;
6590
6591 tmp = b7 ^ b6;
6592 b7 = (tmp >> 47) | (tmp << (64 - 47));
6593 b6 -= b7 + k1;
6594 b7 -= k2;
6595
6596 tmp = b5 ^ b4;
6597 b5 = (tmp >> 8) | (tmp << (64 - 8));
6598 b4 -= b5 + k16;
6599 b5 -= k0;
6600
6601 tmp = b3 ^ b2;
6602 b3 = (tmp >> 13) | (tmp << (64 - 13));
6603 b2 -= b3 + k14;
6604 b3 -= k15;
6605
6606 tmp = b1 ^ b0;
6607 b1 = (tmp >> 24) | (tmp << (64 - 24));
6608 b0 -= b1 + k12;
6609 b1 -= k13;
6610
6611 tmp = b7 ^ b12;
6612 b7 = (tmp >> 20) | (tmp << (64 - 20));
6613 b12 -= b7;
6614
6615 tmp = b3 ^ b10;
6616 b3 = (tmp >> 37) | (tmp << (64 - 37));
6617 b10 -= b3;
6618
6619 tmp = b5 ^ b8;
6620 b5 = (tmp >> 31) | (tmp << (64 - 31));
6621 b8 -= b5;
6622
6623 tmp = b1 ^ b14;
6624 b1 = (tmp >> 23) | (tmp << (64 - 23));
6625 b14 -= b1;
6626
6627 tmp = b9 ^ b4;
6628 b9 = (tmp >> 52) | (tmp << (64 - 52));
6629 b4 -= b9;
6630
6631 tmp = b13 ^ b6;
6632 b13 = (tmp >> 35) | (tmp << (64 - 35));
6633 b6 -= b13;
6634
6635 tmp = b11 ^ b2;
6636 b11 = (tmp >> 48) | (tmp << (64 - 48));
6637 b2 -= b11;
6638
6639 tmp = b15 ^ b0;
6640 b15 = (tmp >> 9) | (tmp << (64 - 9));
6641 b0 -= b15;
6642
6643 tmp = b9 ^ b10;
6644 b9 = (tmp >> 25) | (tmp << (64 - 25));
6645 b10 -= b9;
6646
6647 tmp = b11 ^ b8;
6648 b11 = (tmp >> 44) | (tmp << (64 - 44));
6649 b8 -= b11;
6650
6651 tmp = b13 ^ b14;
6652 b13 = (tmp >> 42) | (tmp << (64 - 42));
6653 b14 -= b13;
6654
6655 tmp = b15 ^ b12;
6656 b15 = (tmp >> 19) | (tmp << (64 - 19));
6657 b12 -= b15;
6658
6659 tmp = b1 ^ b6;
6660 b1 = (tmp >> 46) | (tmp << (64 - 46));
6661 b6 -= b1;
6662
6663 tmp = b3 ^ b4;
6664 b3 = (tmp >> 47) | (tmp << (64 - 47));
6665 b4 -= b3;
6666
6667 tmp = b5 ^ b2;
6668 b5 = (tmp >> 44) | (tmp << (64 - 44));
6669 b2 -= b5;
6670
6671 tmp = b7 ^ b0;
6672 b7 = (tmp >> 31) | (tmp << (64 - 31));
6673 b0 -= b7;
6674
6675 tmp = b1 ^ b8;
6676 b1 = (tmp >> 41) | (tmp << (64 - 41));
6677 b8 -= b1;
6678
6679 tmp = b5 ^ b14;
6680 b5 = (tmp >> 42) | (tmp << (64 - 42));
6681 b14 -= b5;
6682
6683 tmp = b3 ^ b12;
6684 b3 = (tmp >> 53) | (tmp << (64 - 53));
6685 b12 -= b3;
6686
6687 tmp = b7 ^ b10;
6688 b7 = (tmp >> 4) | (tmp << (64 - 4));
6689 b10 -= b7;
6690
6691 tmp = b15 ^ b4;
6692 b15 = (tmp >> 51) | (tmp << (64 - 51));
6693 b4 -= b15;
6694
6695 tmp = b11 ^ b6;
6696 b11 = (tmp >> 56) | (tmp << (64 - 56));
6697 b6 -= b11;
6698
6699 tmp = b13 ^ b2;
6700 b13 = (tmp >> 34) | (tmp << (64 - 34));
6701 b2 -= b13;
6702
6703 tmp = b9 ^ b0;
6704 b9 = (tmp >> 16) | (tmp << (64 - 16));
6705 b0 -= b9;
6706
6707 tmp = b15 ^ b14;
6708 b15 = (tmp >> 30) | (tmp << (64 - 30));
6709 b14 -= b15 + k8 + t0;
6710 b15 -= k9 + 11;
6711
6712 tmp = b13 ^ b12;
6713 b13 = (tmp >> 44) | (tmp << (64 - 44));
6714 b12 -= b13 + k6;
6715 b13 -= k7 + t2;
6716
6717 tmp = b11 ^ b10;
6718 b11 = (tmp >> 47) | (tmp << (64 - 47));
6719 b10 -= b11 + k4;
6720 b11 -= k5;
6721
6722 tmp = b9 ^ b8;
6723 b9 = (tmp >> 12) | (tmp << (64 - 12));
6724 b8 -= b9 + k2;
6725 b9 -= k3;
6726
6727 tmp = b7 ^ b6;
6728 b7 = (tmp >> 31) | (tmp << (64 - 31));
6729 b6 -= b7 + k0;
6730 b7 -= k1;
6731
6732 tmp = b5 ^ b4;
6733 b5 = (tmp >> 37) | (tmp << (64 - 37));
6734 b4 -= b5 + k15;
6735 b5 -= k16;
6736
6737 tmp = b3 ^ b2;
6738 b3 = (tmp >> 9) | (tmp << (64 - 9));
6739 b2 -= b3 + k13;
6740 b3 -= k14;
6741
6742 tmp = b1 ^ b0;
6743 b1 = (tmp >> 41) | (tmp << (64 - 41));
6744 b0 -= b1 + k11;
6745 b1 -= k12;
6746
6747 tmp = b7 ^ b12;
6748 b7 = (tmp >> 25) | (tmp << (64 - 25));
6749 b12 -= b7;
6750
6751 tmp = b3 ^ b10;
6752 b3 = (tmp >> 16) | (tmp << (64 - 16));
6753 b10 -= b3;
6754
6755 tmp = b5 ^ b8;
6756 b5 = (tmp >> 28) | (tmp << (64 - 28));
6757 b8 -= b5;
6758
6759 tmp = b1 ^ b14;
6760 b1 = (tmp >> 47) | (tmp << (64 - 47));
6761 b14 -= b1;
6762
6763 tmp = b9 ^ b4;
6764 b9 = (tmp >> 41) | (tmp << (64 - 41));
6765 b4 -= b9;
6766
6767 tmp = b13 ^ b6;
6768 b13 = (tmp >> 48) | (tmp << (64 - 48));
6769 b6 -= b13;
6770
6771 tmp = b11 ^ b2;
6772 b11 = (tmp >> 20) | (tmp << (64 - 20));
6773 b2 -= b11;
6774
6775 tmp = b15 ^ b0;
6776 b15 = (tmp >> 5) | (tmp << (64 - 5));
6777 b0 -= b15;
6778
6779 tmp = b9 ^ b10;
6780 b9 = (tmp >> 17) | (tmp << (64 - 17));
6781 b10 -= b9;
6782
6783 tmp = b11 ^ b8;
6784 b11 = (tmp >> 59) | (tmp << (64 - 59));
6785 b8 -= b11;
6786
6787 tmp = b13 ^ b14;
6788 b13 = (tmp >> 41) | (tmp << (64 - 41));
6789 b14 -= b13;
6790
6791 tmp = b15 ^ b12;
6792 b15 = (tmp >> 34) | (tmp << (64 - 34));
6793 b12 -= b15;
6794
6795 tmp = b1 ^ b6;
6796 b1 = (tmp >> 13) | (tmp << (64 - 13));
6797 b6 -= b1;
6798
6799 tmp = b3 ^ b4;
6800 b3 = (tmp >> 51) | (tmp << (64 - 51));
6801 b4 -= b3;
6802
6803 tmp = b5 ^ b2;
6804 b5 = (tmp >> 4) | (tmp << (64 - 4));
6805 b2 -= b5;
6806
6807 tmp = b7 ^ b0;
6808 b7 = (tmp >> 33) | (tmp << (64 - 33));
6809 b0 -= b7;
6810
6811 tmp = b1 ^ b8;
6812 b1 = (tmp >> 52) | (tmp << (64 - 52));
6813 b8 -= b1;
6814
6815 tmp = b5 ^ b14;
6816 b5 = (tmp >> 23) | (tmp << (64 - 23));
6817 b14 -= b5;
6818
6819 tmp = b3 ^ b12;
6820 b3 = (tmp >> 18) | (tmp << (64 - 18));
6821 b12 -= b3;
6822
6823 tmp = b7 ^ b10;
6824 b7 = (tmp >> 49) | (tmp << (64 - 49));
6825 b10 -= b7;
6826
6827 tmp = b15 ^ b4;
6828 b15 = (tmp >> 55) | (tmp << (64 - 55));
6829 b4 -= b15;
6830
6831 tmp = b11 ^ b6;
6832 b11 = (tmp >> 10) | (tmp << (64 - 10));
6833 b6 -= b11;
6834
6835 tmp = b13 ^ b2;
6836 b13 = (tmp >> 19) | (tmp << (64 - 19));
6837 b2 -= b13;
6838
6839 tmp = b9 ^ b0;
6840 b9 = (tmp >> 38) | (tmp << (64 - 38));
6841 b0 -= b9;
6842
6843 tmp = b15 ^ b14;
6844 b15 = (tmp >> 37) | (tmp << (64 - 37));
6845 b14 -= b15 + k7 + t2;
6846 b15 -= k8 + 10;
6847
6848 tmp = b13 ^ b12;
6849 b13 = (tmp >> 22) | (tmp << (64 - 22));
6850 b12 -= b13 + k5;
6851 b13 -= k6 + t1;
6852
6853 tmp = b11 ^ b10;
6854 b11 = (tmp >> 17) | (tmp << (64 - 17));
6855 b10 -= b11 + k3;
6856 b11 -= k4;
6857
6858 tmp = b9 ^ b8;
6859 b9 = (tmp >> 8) | (tmp << (64 - 8));
6860 b8 -= b9 + k1;
6861 b9 -= k2;
6862
6863 tmp = b7 ^ b6;
6864 b7 = (tmp >> 47) | (tmp << (64 - 47));
6865 b6 -= b7 + k16;
6866 b7 -= k0;
6867
6868 tmp = b5 ^ b4;
6869 b5 = (tmp >> 8) | (tmp << (64 - 8));
6870 b4 -= b5 + k14;
6871 b5 -= k15;
6872
6873 tmp = b3 ^ b2;
6874 b3 = (tmp >> 13) | (tmp << (64 - 13));
6875 b2 -= b3 + k12;
6876 b3 -= k13;
6877
6878 tmp = b1 ^ b0;
6879 b1 = (tmp >> 24) | (tmp << (64 - 24));
6880 b0 -= b1 + k10;
6881 b1 -= k11;
6882
6883 tmp = b7 ^ b12;
6884 b7 = (tmp >> 20) | (tmp << (64 - 20));
6885 b12 -= b7;
6886
6887 tmp = b3 ^ b10;
6888 b3 = (tmp >> 37) | (tmp << (64 - 37));
6889 b10 -= b3;
6890
6891 tmp = b5 ^ b8;
6892 b5 = (tmp >> 31) | (tmp << (64 - 31));
6893 b8 -= b5;
6894
6895 tmp = b1 ^ b14;
6896 b1 = (tmp >> 23) | (tmp << (64 - 23));
6897 b14 -= b1;
6898
6899 tmp = b9 ^ b4;
6900 b9 = (tmp >> 52) | (tmp << (64 - 52));
6901 b4 -= b9;
6902
6903 tmp = b13 ^ b6;
6904 b13 = (tmp >> 35) | (tmp << (64 - 35));
6905 b6 -= b13;
6906
6907 tmp = b11 ^ b2;
6908 b11 = (tmp >> 48) | (tmp << (64 - 48));
6909 b2 -= b11;
6910
6911 tmp = b15 ^ b0;
6912 b15 = (tmp >> 9) | (tmp << (64 - 9));
6913 b0 -= b15;
6914
6915 tmp = b9 ^ b10;
6916 b9 = (tmp >> 25) | (tmp << (64 - 25));
6917 b10 -= b9;
6918
6919 tmp = b11 ^ b8;
6920 b11 = (tmp >> 44) | (tmp << (64 - 44));
6921 b8 -= b11;
6922
6923 tmp = b13 ^ b14;
6924 b13 = (tmp >> 42) | (tmp << (64 - 42));
6925 b14 -= b13;
6926
6927 tmp = b15 ^ b12;
6928 b15 = (tmp >> 19) | (tmp << (64 - 19));
6929 b12 -= b15;
6930
6931 tmp = b1 ^ b6;
6932 b1 = (tmp >> 46) | (tmp << (64 - 46));
6933 b6 -= b1;
6934
6935 tmp = b3 ^ b4;
6936 b3 = (tmp >> 47) | (tmp << (64 - 47));
6937 b4 -= b3;
6938
6939 tmp = b5 ^ b2;
6940 b5 = (tmp >> 44) | (tmp << (64 - 44));
6941 b2 -= b5;
6942
6943 tmp = b7 ^ b0;
6944 b7 = (tmp >> 31) | (tmp << (64 - 31));
6945 b0 -= b7;
6946
6947 tmp = b1 ^ b8;
6948 b1 = (tmp >> 41) | (tmp << (64 - 41));
6949 b8 -= b1;
6950
6951 tmp = b5 ^ b14;
6952 b5 = (tmp >> 42) | (tmp << (64 - 42));
6953 b14 -= b5;
6954
6955 tmp = b3 ^ b12;
6956 b3 = (tmp >> 53) | (tmp << (64 - 53));
6957 b12 -= b3;
6958
6959 tmp = b7 ^ b10;
6960 b7 = (tmp >> 4) | (tmp << (64 - 4));
6961 b10 -= b7;
6962
6963 tmp = b15 ^ b4;
6964 b15 = (tmp >> 51) | (tmp << (64 - 51));
6965 b4 -= b15;
6966
6967 tmp = b11 ^ b6;
6968 b11 = (tmp >> 56) | (tmp << (64 - 56));
6969 b6 -= b11;
6970
6971 tmp = b13 ^ b2;
6972 b13 = (tmp >> 34) | (tmp << (64 - 34));
6973 b2 -= b13;
6974
6975 tmp = b9 ^ b0;
6976 b9 = (tmp >> 16) | (tmp << (64 - 16));
6977 b0 -= b9;
6978
6979 tmp = b15 ^ b14;
6980 b15 = (tmp >> 30) | (tmp << (64 - 30));
6981 b14 -= b15 + k6 + t1;
6982 b15 -= k7 + 9;
6983
6984 tmp = b13 ^ b12;
6985 b13 = (tmp >> 44) | (tmp << (64 - 44));
6986 b12 -= b13 + k4;
6987 b13 -= k5 + t0;
6988
6989 tmp = b11 ^ b10;
6990 b11 = (tmp >> 47) | (tmp << (64 - 47));
6991 b10 -= b11 + k2;
6992 b11 -= k3;
6993
6994 tmp = b9 ^ b8;
6995 b9 = (tmp >> 12) | (tmp << (64 - 12));
6996 b8 -= b9 + k0;
6997 b9 -= k1;
6998
6999 tmp = b7 ^ b6;
7000 b7 = (tmp >> 31) | (tmp << (64 - 31));
7001 b6 -= b7 + k15;
7002 b7 -= k16;
7003
7004 tmp = b5 ^ b4;
7005 b5 = (tmp >> 37) | (tmp << (64 - 37));
7006 b4 -= b5 + k13;
7007 b5 -= k14;
7008
7009 tmp = b3 ^ b2;
7010 b3 = (tmp >> 9) | (tmp << (64 - 9));
7011 b2 -= b3 + k11;
7012 b3 -= k12;
7013
7014 tmp = b1 ^ b0;
7015 b1 = (tmp >> 41) | (tmp << (64 - 41));
7016 b0 -= b1 + k9;
7017 b1 -= k10;
7018
7019 tmp = b7 ^ b12;
7020 b7 = (tmp >> 25) | (tmp << (64 - 25));
7021 b12 -= b7;
7022
7023 tmp = b3 ^ b10;
7024 b3 = (tmp >> 16) | (tmp << (64 - 16));
7025 b10 -= b3;
7026
7027 tmp = b5 ^ b8;
7028 b5 = (tmp >> 28) | (tmp << (64 - 28));
7029 b8 -= b5;
7030
7031 tmp = b1 ^ b14;
7032 b1 = (tmp >> 47) | (tmp << (64 - 47));
7033 b14 -= b1;
7034
7035 tmp = b9 ^ b4;
7036 b9 = (tmp >> 41) | (tmp << (64 - 41));
7037 b4 -= b9;
7038
7039 tmp = b13 ^ b6;
7040 b13 = (tmp >> 48) | (tmp << (64 - 48));
7041 b6 -= b13;
7042
7043 tmp = b11 ^ b2;
7044 b11 = (tmp >> 20) | (tmp << (64 - 20));
7045 b2 -= b11;
7046
7047 tmp = b15 ^ b0;
7048 b15 = (tmp >> 5) | (tmp << (64 - 5));
7049 b0 -= b15;
7050
7051 tmp = b9 ^ b10;
7052 b9 = (tmp >> 17) | (tmp << (64 - 17));
7053 b10 -= b9;
7054
7055 tmp = b11 ^ b8;
7056 b11 = (tmp >> 59) | (tmp << (64 - 59));
7057 b8 -= b11;
7058
7059 tmp = b13 ^ b14;
7060 b13 = (tmp >> 41) | (tmp << (64 - 41));
7061 b14 -= b13;
7062
7063 tmp = b15 ^ b12;
7064 b15 = (tmp >> 34) | (tmp << (64 - 34));
7065 b12 -= b15;
7066
7067 tmp = b1 ^ b6;
7068 b1 = (tmp >> 13) | (tmp << (64 - 13));
7069 b6 -= b1;
7070
7071 tmp = b3 ^ b4;
7072 b3 = (tmp >> 51) | (tmp << (64 - 51));
7073 b4 -= b3;
7074
7075 tmp = b5 ^ b2;
7076 b5 = (tmp >> 4) | (tmp << (64 - 4));
7077 b2 -= b5;
7078
7079 tmp = b7 ^ b0;
7080 b7 = (tmp >> 33) | (tmp << (64 - 33));
7081 b0 -= b7;
7082
7083 tmp = b1 ^ b8;
7084 b1 = (tmp >> 52) | (tmp << (64 - 52));
7085 b8 -= b1;
7086
7087 tmp = b5 ^ b14;
7088 b5 = (tmp >> 23) | (tmp << (64 - 23));
7089 b14 -= b5;
7090
7091 tmp = b3 ^ b12;
7092 b3 = (tmp >> 18) | (tmp << (64 - 18));
7093 b12 -= b3;
7094
7095 tmp = b7 ^ b10;
7096 b7 = (tmp >> 49) | (tmp << (64 - 49));
7097 b10 -= b7;
7098
7099 tmp = b15 ^ b4;
7100 b15 = (tmp >> 55) | (tmp << (64 - 55));
7101 b4 -= b15;
7102
7103 tmp = b11 ^ b6;
7104 b11 = (tmp >> 10) | (tmp << (64 - 10));
7105 b6 -= b11;
7106
7107 tmp = b13 ^ b2;
7108 b13 = (tmp >> 19) | (tmp << (64 - 19));
7109 b2 -= b13;
7110
7111 tmp = b9 ^ b0;
7112 b9 = (tmp >> 38) | (tmp << (64 - 38));
7113 b0 -= b9;
7114
7115 tmp = b15 ^ b14;
7116 b15 = (tmp >> 37) | (tmp << (64 - 37));
7117 b14 -= b15 + k5 + t0;
7118 b15 -= k6 + 8;
7119
7120 tmp = b13 ^ b12;
7121 b13 = (tmp >> 22) | (tmp << (64 - 22));
7122 b12 -= b13 + k3;
7123 b13 -= k4 + t2;
7124
7125 tmp = b11 ^ b10;
7126 b11 = (tmp >> 17) | (tmp << (64 - 17));
7127 b10 -= b11 + k1;
7128 b11 -= k2;
7129
7130 tmp = b9 ^ b8;
7131 b9 = (tmp >> 8) | (tmp << (64 - 8));
7132 b8 -= b9 + k16;
7133 b9 -= k0;
7134
7135 tmp = b7 ^ b6;
7136 b7 = (tmp >> 47) | (tmp << (64 - 47));
7137 b6 -= b7 + k14;
7138 b7 -= k15;
7139
7140 tmp = b5 ^ b4;
7141 b5 = (tmp >> 8) | (tmp << (64 - 8));
7142 b4 -= b5 + k12;
7143 b5 -= k13;
7144
7145 tmp = b3 ^ b2;
7146 b3 = (tmp >> 13) | (tmp << (64 - 13));
7147 b2 -= b3 + k10;
7148 b3 -= k11;
7149
7150 tmp = b1 ^ b0;
7151 b1 = (tmp >> 24) | (tmp << (64 - 24));
7152 b0 -= b1 + k8;
7153 b1 -= k9;
7154
7155 tmp = b7 ^ b12;
7156 b7 = (tmp >> 20) | (tmp << (64 - 20));
7157 b12 -= b7;
7158
7159 tmp = b3 ^ b10;
7160 b3 = (tmp >> 37) | (tmp << (64 - 37));
7161 b10 -= b3;
7162
7163 tmp = b5 ^ b8;
7164 b5 = (tmp >> 31) | (tmp << (64 - 31));
7165 b8 -= b5;
7166
7167 tmp = b1 ^ b14;
7168 b1 = (tmp >> 23) | (tmp << (64 - 23));
7169 b14 -= b1;
7170
7171 tmp = b9 ^ b4;
7172 b9 = (tmp >> 52) | (tmp << (64 - 52));
7173 b4 -= b9;
7174
7175 tmp = b13 ^ b6;
7176 b13 = (tmp >> 35) | (tmp << (64 - 35));
7177 b6 -= b13;
7178
7179 tmp = b11 ^ b2;
7180 b11 = (tmp >> 48) | (tmp << (64 - 48));
7181 b2 -= b11;
7182
7183 tmp = b15 ^ b0;
7184 b15 = (tmp >> 9) | (tmp << (64 - 9));
7185 b0 -= b15;
7186
7187 tmp = b9 ^ b10;
7188 b9 = (tmp >> 25) | (tmp << (64 - 25));
7189 b10 -= b9;
7190
7191 tmp = b11 ^ b8;
7192 b11 = (tmp >> 44) | (tmp << (64 - 44));
7193 b8 -= b11;
7194
7195 tmp = b13 ^ b14;
7196 b13 = (tmp >> 42) | (tmp << (64 - 42));
7197 b14 -= b13;
7198
7199 tmp = b15 ^ b12;
7200 b15 = (tmp >> 19) | (tmp << (64 - 19));
7201 b12 -= b15;
7202
7203 tmp = b1 ^ b6;
7204 b1 = (tmp >> 46) | (tmp << (64 - 46));
7205 b6 -= b1;
7206
7207 tmp = b3 ^ b4;
7208 b3 = (tmp >> 47) | (tmp << (64 - 47));
7209 b4 -= b3;
7210
7211 tmp = b5 ^ b2;
7212 b5 = (tmp >> 44) | (tmp << (64 - 44));
7213 b2 -= b5;
7214
7215 tmp = b7 ^ b0;
7216 b7 = (tmp >> 31) | (tmp << (64 - 31));
7217 b0 -= b7;
7218
7219 tmp = b1 ^ b8;
7220 b1 = (tmp >> 41) | (tmp << (64 - 41));
7221 b8 -= b1;
7222
7223 tmp = b5 ^ b14;
7224 b5 = (tmp >> 42) | (tmp << (64 - 42));
7225 b14 -= b5;
7226
7227 tmp = b3 ^ b12;
7228 b3 = (tmp >> 53) | (tmp << (64 - 53));
7229 b12 -= b3;
7230
7231 tmp = b7 ^ b10;
7232 b7 = (tmp >> 4) | (tmp << (64 - 4));
7233 b10 -= b7;
7234
7235 tmp = b15 ^ b4;
7236 b15 = (tmp >> 51) | (tmp << (64 - 51));
7237 b4 -= b15;
7238
7239 tmp = b11 ^ b6;
7240 b11 = (tmp >> 56) | (tmp << (64 - 56));
7241 b6 -= b11;
7242
7243 tmp = b13 ^ b2;
7244 b13 = (tmp >> 34) | (tmp << (64 - 34));
7245 b2 -= b13;
7246
7247 tmp = b9 ^ b0;
7248 b9 = (tmp >> 16) | (tmp << (64 - 16));
7249 b0 -= b9;
7250
7251 tmp = b15 ^ b14;
7252 b15 = (tmp >> 30) | (tmp << (64 - 30));
7253 b14 -= b15 + k4 + t2;
7254 b15 -= k5 + 7;
7255
7256 tmp = b13 ^ b12;
7257 b13 = (tmp >> 44) | (tmp << (64 - 44));
7258 b12 -= b13 + k2;
7259 b13 -= k3 + t1;
7260
7261 tmp = b11 ^ b10;
7262 b11 = (tmp >> 47) | (tmp << (64 - 47));
7263 b10 -= b11 + k0;
7264 b11 -= k1;
7265
7266 tmp = b9 ^ b8;
7267 b9 = (tmp >> 12) | (tmp << (64 - 12));
7268 b8 -= b9 + k15;
7269 b9 -= k16;
7270
7271 tmp = b7 ^ b6;
7272 b7 = (tmp >> 31) | (tmp << (64 - 31));
7273 b6 -= b7 + k13;
7274 b7 -= k14;
7275
7276 tmp = b5 ^ b4;
7277 b5 = (tmp >> 37) | (tmp << (64 - 37));
7278 b4 -= b5 + k11;
7279 b5 -= k12;
7280
7281 tmp = b3 ^ b2;
7282 b3 = (tmp >> 9) | (tmp << (64 - 9));
7283 b2 -= b3 + k9;
7284 b3 -= k10;
7285
7286 tmp = b1 ^ b0;
7287 b1 = (tmp >> 41) | (tmp << (64 - 41));
7288 b0 -= b1 + k7;
7289 b1 -= k8;
7290
7291 tmp = b7 ^ b12;
7292 b7 = (tmp >> 25) | (tmp << (64 - 25));
7293 b12 -= b7;
7294
7295 tmp = b3 ^ b10;
7296 b3 = (tmp >> 16) | (tmp << (64 - 16));
7297 b10 -= b3;
7298
7299 tmp = b5 ^ b8;
7300 b5 = (tmp >> 28) | (tmp << (64 - 28));
7301 b8 -= b5;
7302
7303 tmp = b1 ^ b14;
7304 b1 = (tmp >> 47) | (tmp << (64 - 47));
7305 b14 -= b1;
7306
7307 tmp = b9 ^ b4;
7308 b9 = (tmp >> 41) | (tmp << (64 - 41));
7309 b4 -= b9;
7310
7311 tmp = b13 ^ b6;
7312 b13 = (tmp >> 48) | (tmp << (64 - 48));
7313 b6 -= b13;
7314
7315 tmp = b11 ^ b2;
7316 b11 = (tmp >> 20) | (tmp << (64 - 20));
7317 b2 -= b11;
7318
7319 tmp = b15 ^ b0;
7320 b15 = (tmp >> 5) | (tmp << (64 - 5));
7321 b0 -= b15;
7322
7323 tmp = b9 ^ b10;
7324 b9 = (tmp >> 17) | (tmp << (64 - 17));
7325 b10 -= b9;
7326
7327 tmp = b11 ^ b8;
7328 b11 = (tmp >> 59) | (tmp << (64 - 59));
7329 b8 -= b11;
7330
7331 tmp = b13 ^ b14;
7332 b13 = (tmp >> 41) | (tmp << (64 - 41));
7333 b14 -= b13;
7334
7335 tmp = b15 ^ b12;
7336 b15 = (tmp >> 34) | (tmp << (64 - 34));
7337 b12 -= b15;
7338
7339 tmp = b1 ^ b6;
7340 b1 = (tmp >> 13) | (tmp << (64 - 13));
7341 b6 -= b1;
7342
7343 tmp = b3 ^ b4;
7344 b3 = (tmp >> 51) | (tmp << (64 - 51));
7345 b4 -= b3;
7346
7347 tmp = b5 ^ b2;
7348 b5 = (tmp >> 4) | (tmp << (64 - 4));
7349 b2 -= b5;
7350
7351 tmp = b7 ^ b0;
7352 b7 = (tmp >> 33) | (tmp << (64 - 33));
7353 b0 -= b7;
7354
7355 tmp = b1 ^ b8;
7356 b1 = (tmp >> 52) | (tmp << (64 - 52));
7357 b8 -= b1;
7358
7359 tmp = b5 ^ b14;
7360 b5 = (tmp >> 23) | (tmp << (64 - 23));
7361 b14 -= b5;
7362
7363 tmp = b3 ^ b12;
7364 b3 = (tmp >> 18) | (tmp << (64 - 18));
7365 b12 -= b3;
7366
7367 tmp = b7 ^ b10;
7368 b7 = (tmp >> 49) | (tmp << (64 - 49));
7369 b10 -= b7;
7370
7371 tmp = b15 ^ b4;
7372 b15 = (tmp >> 55) | (tmp << (64 - 55));
7373 b4 -= b15;
7374
7375 tmp = b11 ^ b6;
7376 b11 = (tmp >> 10) | (tmp << (64 - 10));
7377 b6 -= b11;
7378
7379 tmp = b13 ^ b2;
7380 b13 = (tmp >> 19) | (tmp << (64 - 19));
7381 b2 -= b13;
7382
7383 tmp = b9 ^ b0;
7384 b9 = (tmp >> 38) | (tmp << (64 - 38));
7385 b0 -= b9;
7386
7387 tmp = b15 ^ b14;
7388 b15 = (tmp >> 37) | (tmp << (64 - 37));
7389 b14 -= b15 + k3 + t1;
7390 b15 -= k4 + 6;
7391
7392 tmp = b13 ^ b12;
7393 b13 = (tmp >> 22) | (tmp << (64 - 22));
7394 b12 -= b13 + k1;
7395 b13 -= k2 + t0;
7396
7397 tmp = b11 ^ b10;
7398 b11 = (tmp >> 17) | (tmp << (64 - 17));
7399 b10 -= b11 + k16;
7400 b11 -= k0;
7401
7402 tmp = b9 ^ b8;
7403 b9 = (tmp >> 8) | (tmp << (64 - 8));
7404 b8 -= b9 + k14;
7405 b9 -= k15;
7406
7407 tmp = b7 ^ b6;
7408 b7 = (tmp >> 47) | (tmp << (64 - 47));
7409 b6 -= b7 + k12;
7410 b7 -= k13;
7411
7412 tmp = b5 ^ b4;
7413 b5 = (tmp >> 8) | (tmp << (64 - 8));
7414 b4 -= b5 + k10;
7415 b5 -= k11;
7416
7417 tmp = b3 ^ b2;
7418 b3 = (tmp >> 13) | (tmp << (64 - 13));
7419 b2 -= b3 + k8;
7420 b3 -= k9;
7421
7422 tmp = b1 ^ b0;
7423 b1 = (tmp >> 24) | (tmp << (64 - 24));
7424 b0 -= b1 + k6;
7425 b1 -= k7;
7426
7427 tmp = b7 ^ b12;
7428 b7 = (tmp >> 20) | (tmp << (64 - 20));
7429 b12 -= b7;
7430
7431 tmp = b3 ^ b10;
7432 b3 = (tmp >> 37) | (tmp << (64 - 37));
7433 b10 -= b3;
7434
7435 tmp = b5 ^ b8;
7436 b5 = (tmp >> 31) | (tmp << (64 - 31));
7437 b8 -= b5;
7438
7439 tmp = b1 ^ b14;
7440 b1 = (tmp >> 23) | (tmp << (64 - 23));
7441 b14 -= b1;
7442
7443 tmp = b9 ^ b4;
7444 b9 = (tmp >> 52) | (tmp << (64 - 52));
7445 b4 -= b9;
7446
7447 tmp = b13 ^ b6;
7448 b13 = (tmp >> 35) | (tmp << (64 - 35));
7449 b6 -= b13;
7450
7451 tmp = b11 ^ b2;
7452 b11 = (tmp >> 48) | (tmp << (64 - 48));
7453 b2 -= b11;
7454
7455 tmp = b15 ^ b0;
7456 b15 = (tmp >> 9) | (tmp << (64 - 9));
7457 b0 -= b15;
7458
7459 tmp = b9 ^ b10;
7460 b9 = (tmp >> 25) | (tmp << (64 - 25));
7461 b10 -= b9;
7462
7463 tmp = b11 ^ b8;
7464 b11 = (tmp >> 44) | (tmp << (64 - 44));
7465 b8 -= b11;
7466
7467 tmp = b13 ^ b14;
7468 b13 = (tmp >> 42) | (tmp << (64 - 42));
7469 b14 -= b13;
7470
7471 tmp = b15 ^ b12;
7472 b15 = (tmp >> 19) | (tmp << (64 - 19));
7473 b12 -= b15;
7474
7475 tmp = b1 ^ b6;
7476 b1 = (tmp >> 46) | (tmp << (64 - 46));
7477 b6 -= b1;
7478
7479 tmp = b3 ^ b4;
7480 b3 = (tmp >> 47) | (tmp << (64 - 47));
7481 b4 -= b3;
7482
7483 tmp = b5 ^ b2;
7484 b5 = (tmp >> 44) | (tmp << (64 - 44));
7485 b2 -= b5;
7486
7487 tmp = b7 ^ b0;
7488 b7 = (tmp >> 31) | (tmp << (64 - 31));
7489 b0 -= b7;
7490
7491 tmp = b1 ^ b8;
7492 b1 = (tmp >> 41) | (tmp << (64 - 41));
7493 b8 -= b1;
7494
7495 tmp = b5 ^ b14;
7496 b5 = (tmp >> 42) | (tmp << (64 - 42));
7497 b14 -= b5;
7498
7499 tmp = b3 ^ b12;
7500 b3 = (tmp >> 53) | (tmp << (64 - 53));
7501 b12 -= b3;
7502
7503 tmp = b7 ^ b10;
7504 b7 = (tmp >> 4) | (tmp << (64 - 4));
7505 b10 -= b7;
7506
7507 tmp = b15 ^ b4;
7508 b15 = (tmp >> 51) | (tmp << (64 - 51));
7509 b4 -= b15;
7510
7511 tmp = b11 ^ b6;
7512 b11 = (tmp >> 56) | (tmp << (64 - 56));
7513 b6 -= b11;
7514
7515 tmp = b13 ^ b2;
7516 b13 = (tmp >> 34) | (tmp << (64 - 34));
7517 b2 -= b13;
7518
7519 tmp = b9 ^ b0;
7520 b9 = (tmp >> 16) | (tmp << (64 - 16));
7521 b0 -= b9;
7522
7523 tmp = b15 ^ b14;
7524 b15 = (tmp >> 30) | (tmp << (64 - 30));
7525 b14 -= b15 + k2 + t0;
7526 b15 -= k3 + 5;
7527
7528 tmp = b13 ^ b12;
7529 b13 = (tmp >> 44) | (tmp << (64 - 44));
7530 b12 -= b13 + k0;
7531 b13 -= k1 + t2;
7532
7533 tmp = b11 ^ b10;
7534 b11 = (tmp >> 47) | (tmp << (64 - 47));
7535 b10 -= b11 + k15;
7536 b11 -= k16;
7537
7538 tmp = b9 ^ b8;
7539 b9 = (tmp >> 12) | (tmp << (64 - 12));
7540 b8 -= b9 + k13;
7541 b9 -= k14;
7542
7543 tmp = b7 ^ b6;
7544 b7 = (tmp >> 31) | (tmp << (64 - 31));
7545 b6 -= b7 + k11;
7546 b7 -= k12;
7547
7548 tmp = b5 ^ b4;
7549 b5 = (tmp >> 37) | (tmp << (64 - 37));
7550 b4 -= b5 + k9;
7551 b5 -= k10;
7552
7553 tmp = b3 ^ b2;
7554 b3 = (tmp >> 9) | (tmp << (64 - 9));
7555 b2 -= b3 + k7;
7556 b3 -= k8;
7557
7558 tmp = b1 ^ b0;
7559 b1 = (tmp >> 41) | (tmp << (64 - 41));
7560 b0 -= b1 + k5;
7561 b1 -= k6;
7562
7563 tmp = b7 ^ b12;
7564 b7 = (tmp >> 25) | (tmp << (64 - 25));
7565 b12 -= b7;
7566
7567 tmp = b3 ^ b10;
7568 b3 = (tmp >> 16) | (tmp << (64 - 16));
7569 b10 -= b3;
7570
7571 tmp = b5 ^ b8;
7572 b5 = (tmp >> 28) | (tmp << (64 - 28));
7573 b8 -= b5;
7574
7575 tmp = b1 ^ b14;
7576 b1 = (tmp >> 47) | (tmp << (64 - 47));
7577 b14 -= b1;
7578
7579 tmp = b9 ^ b4;
7580 b9 = (tmp >> 41) | (tmp << (64 - 41));
7581 b4 -= b9;
7582
7583 tmp = b13 ^ b6;
7584 b13 = (tmp >> 48) | (tmp << (64 - 48));
7585 b6 -= b13;
7586
7587 tmp = b11 ^ b2;
7588 b11 = (tmp >> 20) | (tmp << (64 - 20));
7589 b2 -= b11;
7590
7591 tmp = b15 ^ b0;
7592 b15 = (tmp >> 5) | (tmp << (64 - 5));
7593 b0 -= b15;
7594
7595 tmp = b9 ^ b10;
7596 b9 = (tmp >> 17) | (tmp << (64 - 17));
7597 b10 -= b9;
7598
7599 tmp = b11 ^ b8;
7600 b11 = (tmp >> 59) | (tmp << (64 - 59));
7601 b8 -= b11;
7602
7603 tmp = b13 ^ b14;
7604 b13 = (tmp >> 41) | (tmp << (64 - 41));
7605 b14 -= b13;
7606
7607 tmp = b15 ^ b12;
7608 b15 = (tmp >> 34) | (tmp << (64 - 34));
7609 b12 -= b15;
7610
7611 tmp = b1 ^ b6;
7612 b1 = (tmp >> 13) | (tmp << (64 - 13));
7613 b6 -= b1;
7614
7615 tmp = b3 ^ b4;
7616 b3 = (tmp >> 51) | (tmp << (64 - 51));
7617 b4 -= b3;
7618
7619 tmp = b5 ^ b2;
7620 b5 = (tmp >> 4) | (tmp << (64 - 4));
7621 b2 -= b5;
7622
7623 tmp = b7 ^ b0;
7624 b7 = (tmp >> 33) | (tmp << (64 - 33));
7625 b0 -= b7;
7626
7627 tmp = b1 ^ b8;
7628 b1 = (tmp >> 52) | (tmp << (64 - 52));
7629 b8 -= b1;
7630
7631 tmp = b5 ^ b14;
7632 b5 = (tmp >> 23) | (tmp << (64 - 23));
7633 b14 -= b5;
7634
7635 tmp = b3 ^ b12;
7636 b3 = (tmp >> 18) | (tmp << (64 - 18));
7637 b12 -= b3;
7638
7639 tmp = b7 ^ b10;
7640 b7 = (tmp >> 49) | (tmp << (64 - 49));
7641 b10 -= b7;
7642
7643 tmp = b15 ^ b4;
7644 b15 = (tmp >> 55) | (tmp << (64 - 55));
7645 b4 -= b15;
7646
7647 tmp = b11 ^ b6;
7648 b11 = (tmp >> 10) | (tmp << (64 - 10));
7649 b6 -= b11;
7650
7651 tmp = b13 ^ b2;
7652 b13 = (tmp >> 19) | (tmp << (64 - 19));
7653 b2 -= b13;
7654
7655 tmp = b9 ^ b0;
7656 b9 = (tmp >> 38) | (tmp << (64 - 38));
7657 b0 -= b9;
7658
7659 tmp = b15 ^ b14;
7660 b15 = (tmp >> 37) | (tmp << (64 - 37));
7661 b14 -= b15 + k1 + t2;
7662 b15 -= k2 + 4;
7663
7664 tmp = b13 ^ b12;
7665 b13 = (tmp >> 22) | (tmp << (64 - 22));
7666 b12 -= b13 + k16;
7667 b13 -= k0 + t1;
7668
7669 tmp = b11 ^ b10;
7670 b11 = (tmp >> 17) | (tmp << (64 - 17));
7671 b10 -= b11 + k14;
7672 b11 -= k15;
7673
7674 tmp = b9 ^ b8;
7675 b9 = (tmp >> 8) | (tmp << (64 - 8));
7676 b8 -= b9 + k12;
7677 b9 -= k13;
7678
7679 tmp = b7 ^ b6;
7680 b7 = (tmp >> 47) | (tmp << (64 - 47));
7681 b6 -= b7 + k10;
7682 b7 -= k11;
7683
7684 tmp = b5 ^ b4;
7685 b5 = (tmp >> 8) | (tmp << (64 - 8));
7686 b4 -= b5 + k8;
7687 b5 -= k9;
7688
7689 tmp = b3 ^ b2;
7690 b3 = (tmp >> 13) | (tmp << (64 - 13));
7691 b2 -= b3 + k6;
7692 b3 -= k7;
7693
7694 tmp = b1 ^ b0;
7695 b1 = (tmp >> 24) | (tmp << (64 - 24));
7696 b0 -= b1 + k4;
7697 b1 -= k5;
7698
7699 tmp = b7 ^ b12;
7700 b7 = (tmp >> 20) | (tmp << (64 - 20));
7701 b12 -= b7;
7702
7703 tmp = b3 ^ b10;
7704 b3 = (tmp >> 37) | (tmp << (64 - 37));
7705 b10 -= b3;
7706
7707 tmp = b5 ^ b8;
7708 b5 = (tmp >> 31) | (tmp << (64 - 31));
7709 b8 -= b5;
7710
7711 tmp = b1 ^ b14;
7712 b1 = (tmp >> 23) | (tmp << (64 - 23));
7713 b14 -= b1;
7714
7715 tmp = b9 ^ b4;
7716 b9 = (tmp >> 52) | (tmp << (64 - 52));
7717 b4 -= b9;
7718
7719 tmp = b13 ^ b6;
7720 b13 = (tmp >> 35) | (tmp << (64 - 35));
7721 b6 -= b13;
7722
7723 tmp = b11 ^ b2;
7724 b11 = (tmp >> 48) | (tmp << (64 - 48));
7725 b2 -= b11;
7726
7727 tmp = b15 ^ b0;
7728 b15 = (tmp >> 9) | (tmp << (64 - 9));
7729 b0 -= b15;
7730
7731 tmp = b9 ^ b10;
7732 b9 = (tmp >> 25) | (tmp << (64 - 25));
7733 b10 -= b9;
7734
7735 tmp = b11 ^ b8;
7736 b11 = (tmp >> 44) | (tmp << (64 - 44));
7737 b8 -= b11;
7738
7739 tmp = b13 ^ b14;
7740 b13 = (tmp >> 42) | (tmp << (64 - 42));
7741 b14 -= b13;
7742
7743 tmp = b15 ^ b12;
7744 b15 = (tmp >> 19) | (tmp << (64 - 19));
7745 b12 -= b15;
7746
7747 tmp = b1 ^ b6;
7748 b1 = (tmp >> 46) | (tmp << (64 - 46));
7749 b6 -= b1;
7750
7751 tmp = b3 ^ b4;
7752 b3 = (tmp >> 47) | (tmp << (64 - 47));
7753 b4 -= b3;
7754
7755 tmp = b5 ^ b2;
7756 b5 = (tmp >> 44) | (tmp << (64 - 44));
7757 b2 -= b5;
7758
7759 tmp = b7 ^ b0;
7760 b7 = (tmp >> 31) | (tmp << (64 - 31));
7761 b0 -= b7;
7762
7763 tmp = b1 ^ b8;
7764 b1 = (tmp >> 41) | (tmp << (64 - 41));
7765 b8 -= b1;
7766
7767 tmp = b5 ^ b14;
7768 b5 = (tmp >> 42) | (tmp << (64 - 42));
7769 b14 -= b5;
7770
7771 tmp = b3 ^ b12;
7772 b3 = (tmp >> 53) | (tmp << (64 - 53));
7773 b12 -= b3;
7774
7775 tmp = b7 ^ b10;
7776 b7 = (tmp >> 4) | (tmp << (64 - 4));
7777 b10 -= b7;
7778
7779 tmp = b15 ^ b4;
7780 b15 = (tmp >> 51) | (tmp << (64 - 51));
7781 b4 -= b15;
7782
7783 tmp = b11 ^ b6;
7784 b11 = (tmp >> 56) | (tmp << (64 - 56));
7785 b6 -= b11;
7786
7787 tmp = b13 ^ b2;
7788 b13 = (tmp >> 34) | (tmp << (64 - 34));
7789 b2 -= b13;
7790
7791 tmp = b9 ^ b0;
7792 b9 = (tmp >> 16) | (tmp << (64 - 16));
7793 b0 -= b9;
7794
7795 tmp = b15 ^ b14;
7796 b15 = (tmp >> 30) | (tmp << (64 - 30));
7797 b14 -= b15 + k0 + t1;
7798 b15 -= k1 + 3;
7799
7800 tmp = b13 ^ b12;
7801 b13 = (tmp >> 44) | (tmp << (64 - 44));
7802 b12 -= b13 + k15;
7803 b13 -= k16 + t0;
7804
7805 tmp = b11 ^ b10;
7806 b11 = (tmp >> 47) | (tmp << (64 - 47));
7807 b10 -= b11 + k13;
7808 b11 -= k14;
7809
7810 tmp = b9 ^ b8;
7811 b9 = (tmp >> 12) | (tmp << (64 - 12));
7812 b8 -= b9 + k11;
7813 b9 -= k12;
7814
7815 tmp = b7 ^ b6;
7816 b7 = (tmp >> 31) | (tmp << (64 - 31));
7817 b6 -= b7 + k9;
7818 b7 -= k10;
7819
7820 tmp = b5 ^ b4;
7821 b5 = (tmp >> 37) | (tmp << (64 - 37));
7822 b4 -= b5 + k7;
7823 b5 -= k8;
7824
7825 tmp = b3 ^ b2;
7826 b3 = (tmp >> 9) | (tmp << (64 - 9));
7827 b2 -= b3 + k5;
7828 b3 -= k6;
7829
7830 tmp = b1 ^ b0;
7831 b1 = (tmp >> 41) | (tmp << (64 - 41));
7832 b0 -= b1 + k3;
7833 b1 -= k4;
7834
7835 tmp = b7 ^ b12;
7836 b7 = (tmp >> 25) | (tmp << (64 - 25));
7837 b12 -= b7;
7838
7839 tmp = b3 ^ b10;
7840 b3 = (tmp >> 16) | (tmp << (64 - 16));
7841 b10 -= b3;
7842
7843 tmp = b5 ^ b8;
7844 b5 = (tmp >> 28) | (tmp << (64 - 28));
7845 b8 -= b5;
7846
7847 tmp = b1 ^ b14;
7848 b1 = (tmp >> 47) | (tmp << (64 - 47));
7849 b14 -= b1;
7850
7851 tmp = b9 ^ b4;
7852 b9 = (tmp >> 41) | (tmp << (64 - 41));
7853 b4 -= b9;
7854
7855 tmp = b13 ^ b6;
7856 b13 = (tmp >> 48) | (tmp << (64 - 48));
7857 b6 -= b13;
7858
7859 tmp = b11 ^ b2;
7860 b11 = (tmp >> 20) | (tmp << (64 - 20));
7861 b2 -= b11;
7862
7863 tmp = b15 ^ b0;
7864 b15 = (tmp >> 5) | (tmp << (64 - 5));
7865 b0 -= b15;
7866
7867 tmp = b9 ^ b10;
7868 b9 = (tmp >> 17) | (tmp << (64 - 17));
7869 b10 -= b9;
7870
7871 tmp = b11 ^ b8;
7872 b11 = (tmp >> 59) | (tmp << (64 - 59));
7873 b8 -= b11;
7874
7875 tmp = b13 ^ b14;
7876 b13 = (tmp >> 41) | (tmp << (64 - 41));
7877 b14 -= b13;
7878
7879 tmp = b15 ^ b12;
7880 b15 = (tmp >> 34) | (tmp << (64 - 34));
7881 b12 -= b15;
7882
7883 tmp = b1 ^ b6;
7884 b1 = (tmp >> 13) | (tmp << (64 - 13));
7885 b6 -= b1;
7886
7887 tmp = b3 ^ b4;
7888 b3 = (tmp >> 51) | (tmp << (64 - 51));
7889 b4 -= b3;
7890
7891 tmp = b5 ^ b2;
7892 b5 = (tmp >> 4) | (tmp << (64 - 4));
7893 b2 -= b5;
7894
7895 tmp = b7 ^ b0;
7896 b7 = (tmp >> 33) | (tmp << (64 - 33));
7897 b0 -= b7;
7898
7899 tmp = b1 ^ b8;
7900 b1 = (tmp >> 52) | (tmp << (64 - 52));
7901 b8 -= b1;
7902
7903 tmp = b5 ^ b14;
7904 b5 = (tmp >> 23) | (tmp << (64 - 23));
7905 b14 -= b5;
7906
7907 tmp = b3 ^ b12;
7908 b3 = (tmp >> 18) | (tmp << (64 - 18));
7909 b12 -= b3;
7910
7911 tmp = b7 ^ b10;
7912 b7 = (tmp >> 49) | (tmp << (64 - 49));
7913 b10 -= b7;
7914
7915 tmp = b15 ^ b4;
7916 b15 = (tmp >> 55) | (tmp << (64 - 55));
7917 b4 -= b15;
7918
7919 tmp = b11 ^ b6;
7920 b11 = (tmp >> 10) | (tmp << (64 - 10));
7921 b6 -= b11;
7922
7923 tmp = b13 ^ b2;
7924 b13 = (tmp >> 19) | (tmp << (64 - 19));
7925 b2 -= b13;
7926
7927 tmp = b9 ^ b0;
7928 b9 = (tmp >> 38) | (tmp << (64 - 38));
7929 b0 -= b9;
7930
7931 tmp = b15 ^ b14;
7932 b15 = (tmp >> 37) | (tmp << (64 - 37));
7933 b14 -= b15 + k16 + t0;
7934 b15 -= k0 + 2;
7935
7936 tmp = b13 ^ b12;
7937 b13 = (tmp >> 22) | (tmp << (64 - 22));
7938 b12 -= b13 + k14;
7939 b13 -= k15 + t2;
7940
7941 tmp = b11 ^ b10;
7942 b11 = (tmp >> 17) | (tmp << (64 - 17));
7943 b10 -= b11 + k12;
7944 b11 -= k13;
7945
7946 tmp = b9 ^ b8;
7947 b9 = (tmp >> 8) | (tmp << (64 - 8));
7948 b8 -= b9 + k10;
7949 b9 -= k11;
7950
7951 tmp = b7 ^ b6;
7952 b7 = (tmp >> 47) | (tmp << (64 - 47));
7953 b6 -= b7 + k8;
7954 b7 -= k9;
7955
7956 tmp = b5 ^ b4;
7957 b5 = (tmp >> 8) | (tmp << (64 - 8));
7958 b4 -= b5 + k6;
7959 b5 -= k7;
7960
7961 tmp = b3 ^ b2;
7962 b3 = (tmp >> 13) | (tmp << (64 - 13));
7963 b2 -= b3 + k4;
7964 b3 -= k5;
7965
7966 tmp = b1 ^ b0;
7967 b1 = (tmp >> 24) | (tmp << (64 - 24));
7968 b0 -= b1 + k2;
7969 b1 -= k3;
7970
7971 tmp = b7 ^ b12;
7972 b7 = (tmp >> 20) | (tmp << (64 - 20));
7973 b12 -= b7;
7974
7975 tmp = b3 ^ b10;
7976 b3 = (tmp >> 37) | (tmp << (64 - 37));
7977 b10 -= b3;
7978
7979 tmp = b5 ^ b8;
7980 b5 = (tmp >> 31) | (tmp << (64 - 31));
7981 b8 -= b5;
7982
7983 tmp = b1 ^ b14;
7984 b1 = (tmp >> 23) | (tmp << (64 - 23));
7985 b14 -= b1;
7986
7987 tmp = b9 ^ b4;
7988 b9 = (tmp >> 52) | (tmp << (64 - 52));
7989 b4 -= b9;
7990
7991 tmp = b13 ^ b6;
7992 b13 = (tmp >> 35) | (tmp << (64 - 35));
7993 b6 -= b13;
7994
7995 tmp = b11 ^ b2;
7996 b11 = (tmp >> 48) | (tmp << (64 - 48));
7997 b2 -= b11;
7998
7999 tmp = b15 ^ b0;
8000 b15 = (tmp >> 9) | (tmp << (64 - 9));
8001 b0 -= b15;
8002
8003 tmp = b9 ^ b10;
8004 b9 = (tmp >> 25) | (tmp << (64 - 25));
8005 b10 -= b9;
8006
8007 tmp = b11 ^ b8;
8008 b11 = (tmp >> 44) | (tmp << (64 - 44));
8009 b8 -= b11;
8010
8011 tmp = b13 ^ b14;
8012 b13 = (tmp >> 42) | (tmp << (64 - 42));
8013 b14 -= b13;
8014
8015 tmp = b15 ^ b12;
8016 b15 = (tmp >> 19) | (tmp << (64 - 19));
8017 b12 -= b15;
8018
8019 tmp = b1 ^ b6;
8020 b1 = (tmp >> 46) | (tmp << (64 - 46));
8021 b6 -= b1;
8022
8023 tmp = b3 ^ b4;
8024 b3 = (tmp >> 47) | (tmp << (64 - 47));
8025 b4 -= b3;
8026
8027 tmp = b5 ^ b2;
8028 b5 = (tmp >> 44) | (tmp << (64 - 44));
8029 b2 -= b5;
8030
8031 tmp = b7 ^ b0;
8032 b7 = (tmp >> 31) | (tmp << (64 - 31));
8033 b0 -= b7;
8034
8035 tmp = b1 ^ b8;
8036 b1 = (tmp >> 41) | (tmp << (64 - 41));
8037 b8 -= b1;
8038
8039 tmp = b5 ^ b14;
8040 b5 = (tmp >> 42) | (tmp << (64 - 42));
8041 b14 -= b5;
8042
8043 tmp = b3 ^ b12;
8044 b3 = (tmp >> 53) | (tmp << (64 - 53));
8045 b12 -= b3;
8046
8047 tmp = b7 ^ b10;
8048 b7 = (tmp >> 4) | (tmp << (64 - 4));
8049 b10 -= b7;
8050
8051 tmp = b15 ^ b4;
8052 b15 = (tmp >> 51) | (tmp << (64 - 51));
8053 b4 -= b15;
8054
8055 tmp = b11 ^ b6;
8056 b11 = (tmp >> 56) | (tmp << (64 - 56));
8057 b6 -= b11;
8058
8059 tmp = b13 ^ b2;
8060 b13 = (tmp >> 34) | (tmp << (64 - 34));
8061 b2 -= b13;
8062
8063 tmp = b9 ^ b0;
8064 b9 = (tmp >> 16) | (tmp << (64 - 16));
8065 b0 -= b9;
8066
8067 tmp = b15 ^ b14;
8068 b15 = (tmp >> 30) | (tmp << (64 - 30));
8069 b14 -= b15 + k15 + t2;
8070 b15 -= k16 + 1;
8071
8072 tmp = b13 ^ b12;
8073 b13 = (tmp >> 44) | (tmp << (64 - 44));
8074 b12 -= b13 + k13;
8075 b13 -= k14 + t1;
8076
8077 tmp = b11 ^ b10;
8078 b11 = (tmp >> 47) | (tmp << (64 - 47));
8079 b10 -= b11 + k11;
8080 b11 -= k12;
8081
8082 tmp = b9 ^ b8;
8083 b9 = (tmp >> 12) | (tmp << (64 - 12));
8084 b8 -= b9 + k9;
8085 b9 -= k10;
8086
8087 tmp = b7 ^ b6;
8088 b7 = (tmp >> 31) | (tmp << (64 - 31));
8089 b6 -= b7 + k7;
8090 b7 -= k8;
8091
8092 tmp = b5 ^ b4;
8093 b5 = (tmp >> 37) | (tmp << (64 - 37));
8094 b4 -= b5 + k5;
8095 b5 -= k6;
8096
8097 tmp = b3 ^ b2;
8098 b3 = (tmp >> 9) | (tmp << (64 - 9));
8099 b2 -= b3 + k3;
8100 b3 -= k4;
8101
8102 tmp = b1 ^ b0;
8103 b1 = (tmp >> 41) | (tmp << (64 - 41));
8104 b0 -= b1 + k1;
8105 b1 -= k2;
8106
8107 tmp = b7 ^ b12;
8108 b7 = (tmp >> 25) | (tmp << (64 - 25));
8109 b12 -= b7;
8110
8111 tmp = b3 ^ b10;
8112 b3 = (tmp >> 16) | (tmp << (64 - 16));
8113 b10 -= b3;
8114
8115 tmp = b5 ^ b8;
8116 b5 = (tmp >> 28) | (tmp << (64 - 28));
8117 b8 -= b5;
8118
8119 tmp = b1 ^ b14;
8120 b1 = (tmp >> 47) | (tmp << (64 - 47));
8121 b14 -= b1;
8122
8123 tmp = b9 ^ b4;
8124 b9 = (tmp >> 41) | (tmp << (64 - 41));
8125 b4 -= b9;
8126
8127 tmp = b13 ^ b6;
8128 b13 = (tmp >> 48) | (tmp << (64 - 48));
8129 b6 -= b13;
8130
8131 tmp = b11 ^ b2;
8132 b11 = (tmp >> 20) | (tmp << (64 - 20));
8133 b2 -= b11;
8134
8135 tmp = b15 ^ b0;
8136 b15 = (tmp >> 5) | (tmp << (64 - 5));
8137 b0 -= b15;
8138
8139 tmp = b9 ^ b10;
8140 b9 = (tmp >> 17) | (tmp << (64 - 17));
8141 b10 -= b9;
8142
8143 tmp = b11 ^ b8;
8144 b11 = (tmp >> 59) | (tmp << (64 - 59));
8145 b8 -= b11;
8146
8147 tmp = b13 ^ b14;
8148 b13 = (tmp >> 41) | (tmp << (64 - 41));
8149 b14 -= b13;
8150
8151 tmp = b15 ^ b12;
8152 b15 = (tmp >> 34) | (tmp << (64 - 34));
8153 b12 -= b15;
8154
8155 tmp = b1 ^ b6;
8156 b1 = (tmp >> 13) | (tmp << (64 - 13));
8157 b6 -= b1;
8158
8159 tmp = b3 ^ b4;
8160 b3 = (tmp >> 51) | (tmp << (64 - 51));
8161 b4 -= b3;
8162
8163 tmp = b5 ^ b2;
8164 b5 = (tmp >> 4) | (tmp << (64 - 4));
8165 b2 -= b5;
8166
8167 tmp = b7 ^ b0;
8168 b7 = (tmp >> 33) | (tmp << (64 - 33));
8169 b0 -= b7;
8170
8171 tmp = b1 ^ b8;
8172 b1 = (tmp >> 52) | (tmp << (64 - 52));
8173 b8 -= b1;
8174
8175 tmp = b5 ^ b14;
8176 b5 = (tmp >> 23) | (tmp << (64 - 23));
8177 b14 -= b5;
8178
8179 tmp = b3 ^ b12;
8180 b3 = (tmp >> 18) | (tmp << (64 - 18));
8181 b12 -= b3;
8182
8183 tmp = b7 ^ b10;
8184 b7 = (tmp >> 49) | (tmp << (64 - 49));
8185 b10 -= b7;
8186
8187 tmp = b15 ^ b4;
8188 b15 = (tmp >> 55) | (tmp << (64 - 55));
8189 b4 -= b15;
8190
8191 tmp = b11 ^ b6;
8192 b11 = (tmp >> 10) | (tmp << (64 - 10));
8193 b6 -= b11;
8194
8195 tmp = b13 ^ b2;
8196 b13 = (tmp >> 19) | (tmp << (64 - 19));
8197 b2 -= b13;
8198
8199 tmp = b9 ^ b0;
8200 b9 = (tmp >> 38) | (tmp << (64 - 38));
8201 b0 -= b9;
8202
8203 tmp = b15 ^ b14;
8204 b15 = (tmp >> 37) | (tmp << (64 - 37));
8205 b14 -= b15 + k14 + t1;
8206 b15 -= k15;
8207
8208 tmp = b13 ^ b12;
8209 b13 = (tmp >> 22) | (tmp << (64 - 22));
8210 b12 -= b13 + k12;
8211 b13 -= k13 + t0;
8212
8213 tmp = b11 ^ b10;
8214 b11 = (tmp >> 17) | (tmp << (64 - 17));
8215 b10 -= b11 + k10;
8216 b11 -= k11;
8217
8218 tmp = b9 ^ b8;
8219 b9 = (tmp >> 8) | (tmp << (64 - 8));
8220 b8 -= b9 + k8;
8221 b9 -= k9;
8222
8223 tmp = b7 ^ b6;
8224 b7 = (tmp >> 47) | (tmp << (64 - 47));
8225 b6 -= b7 + k6;
8226 b7 -= k7;
8227
8228 tmp = b5 ^ b4;
8229 b5 = (tmp >> 8) | (tmp << (64 - 8));
8230 b4 -= b5 + k4;
8231 b5 -= k5;
8232
8233 tmp = b3 ^ b2;
8234 b3 = (tmp >> 13) | (tmp << (64 - 13));
8235 b2 -= b3 + k2;
8236 b3 -= k3;
8237
8238 tmp = b1 ^ b0;
8239 b1 = (tmp >> 24) | (tmp << (64 - 24));
8240 b0 -= b1 + k0;
8241 b1 -= k1;
8242
8243 output[15] = b15;
8244 output[14] = b14;
8245 output[13] = b13;
8246 output[12] = b12;
8247 output[11] = b11;
8248 output[10] = b10;
8249 output[9] = b9;
8250 output[8] = b8;
8251 output[7] = b7;
8252 output[6] = b6;
8253 output[5] = b5;
8254 output[4] = b4;
8255 output[3] = b3;
8256 output[2] = b2;
8257 output[1] = b1;
8258 output[0] = b0;
8259 }
ubuntu-bionic-kernel mirror